e4ed528c73db4126dc3ac3fc8421c30aa3cb7d8b36bb6cedb352f35f4d16ba94 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e4ed528c73db4126dc3ac3fc8421c30aa3cb7d8b36bb6cedb352f35f4d16ba94
Size

71KB
Sample

240723-ehzblaweke
MD5

755ad0e314d549f5b4a7087a65f8a30c
SHA1

900c295608f60e24d6601aa0391e80970c193b52
SHA256

e4ed528c73db4126dc3ac3fc8421c30aa3cb7d8b36bb6cedb352f35f4d16ba94
SHA512

b344fd6708ed270e194c47f8137c349e83a0695cb990070644e88fcd34b59ba05a73e2fadb1a09a0749aa29003b704455935a4fac7489dc4b5045a189d43aa2b
SSDEEP

768:x/neHUjXYmP4hoZJPYzWmOeBFiO2zs03x48cttDZvxMWxRU0TsMkNVMbmo+to1kj:xWHoXfP4+jCvOeCpWtON0TeAkj

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  e4ed528c73db4126dc3ac3fc8421c30aa3cb7d8b36bb6cedb352f35f4d16ba94
- Size
  
  71KB
- MD5
  
  755ad0e314d549f5b4a7087a65f8a30c
- SHA1
  
  900c295608f60e24d6601aa0391e80970c193b52
- SHA256
  
  e4ed528c73db4126dc3ac3fc8421c30aa3cb7d8b36bb6cedb352f35f4d16ba94
- SHA512
  
  b344fd6708ed270e194c47f8137c349e83a0695cb990070644e88fcd34b59ba05a73e2fadb1a09a0749aa29003b704455935a4fac7489dc4b5045a189d43aa2b
- SSDEEP
  
  768:x/neHUjXYmP4hoZJPYzWmOeBFiO2zs03x48cttDZvxMWxRU0TsMkNVMbmo+to1kj:xWHoXfP4+jCvOeCpWtON0TeAkj
Score

10^/10

evasion persistence trojan
- Windows security bypass
  evasion trojan
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Winlogon Helper DLL

Event Triggered Execution

Image File Execution Options Injection

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Winlogon Helper DLL

Event Triggered Execution

Image File Execution Options Injection

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan