234f3e03b213a8e243677870cbd64ff9ad8e1a031346f6b7e2f10cc0bdc508f5 | Triage

Sharing

General

Target

app_v3.exe
Size

11.2MB
Sample

240806-wx6snawdnm
MD5

e16a889bf0a9308c8abc3827602af39f
SHA1

e201b6b4fb3f37d1865bba4b31559772066790c8
SHA256

234f3e03b213a8e243677870cbd64ff9ad8e1a031346f6b7e2f10cc0bdc508f5
SHA512

33c907dcf87fd0112eca0100e8a3db0720b2f24b1abb0c7ea4a41a9c4dfdbdfedb23ef00ea23c0974cb4c46021b2343bfbd7e431b4d18b04514fb36fbda06be2
SSDEEP

196608:/HfggdRyU3b01Kpn3V+uq+VvpoA1HeT39IigwCeE9TFa0Z8DOjCdyllOIQjZ/Roz:3ggTdL01+l+uq+Vvz1+TtIiFPY9Z8D8j

Score

7^/10

evasion execution persistence pyinstaller trojan

Malware Config

Targets

- Target
  
  app_v3.exe
- Size
  
  11.2MB
- MD5
  
  e16a889bf0a9308c8abc3827602af39f
- SHA1
  
  e201b6b4fb3f37d1865bba4b31559772066790c8
- SHA256
  
  234f3e03b213a8e243677870cbd64ff9ad8e1a031346f6b7e2f10cc0bdc508f5
- SHA512
  
  33c907dcf87fd0112eca0100e8a3db0720b2f24b1abb0c7ea4a41a9c4dfdbdfedb23ef00ea23c0974cb4c46021b2343bfbd7e431b4d18b04514fb36fbda06be2
- SSDEEP
  
  196608:/HfggdRyU3b01Kpn3V+uq+VvpoA1HeT39IigwCeE9TFa0Z8DOjCdyllOIQjZ/Roz:3ggTdL01+l+uq+Vvz1+TtIiFPY9Z8D8j
Score

7^/10

evasion execution persistence trojan
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

evasionexecutionpersistencetrojan