72dc4f3aa5de6f8091645f7cb338ff2826b9c99903614f98b333cf6f46329dfd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

72dc4f3aa5de6f8091645f7cb338ff2826b9c99903614f98b333cf6f46329dfd
Size

70KB
Sample

240811-2g3c7asbnp
MD5

c5482bde01a21b577429fa4fe4b046f7
SHA1

03e420d1d45c9e6facc066a7ef09e450d0c86950
SHA256

72dc4f3aa5de6f8091645f7cb338ff2826b9c99903614f98b333cf6f46329dfd
SHA512

bf130a7bd821ee24236fb1b254289501c8448321faa71a05cbe1c7b9270a0cc477470fe2e9aab0abc0f9b6b6bd9224306627e7b83ab35d14721b96779e6e0d9a
SSDEEP

1536:x2zDjFBlS8G13YgsQSGE4zCvrbiCFkaG8pyb2y+o:QPBBFGtzcJkaxpFc

Score

10^/10

defense_evasion discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  72dc4f3aa5de6f8091645f7cb338ff2826b9c99903614f98b333cf6f46329dfd
- Size
  
  70KB
- MD5
  
  c5482bde01a21b577429fa4fe4b046f7
- SHA1
  
  03e420d1d45c9e6facc066a7ef09e450d0c86950
- SHA256
  
  72dc4f3aa5de6f8091645f7cb338ff2826b9c99903614f98b333cf6f46329dfd
- SHA512
  
  bf130a7bd821ee24236fb1b254289501c8448321faa71a05cbe1c7b9270a0cc477470fe2e9aab0abc0f9b6b6bd9224306627e7b83ab35d14721b96779e6e0d9a
- SSDEEP
  
  1536:x2zDjFBlS8G13YgsQSGE4zCvrbiCFkaG8pyb2y+o:QPBBFGtzcJkaxpFc
Score

10^/10

defense_evasion discovery evasion persistence trojan
- Windows security bypass
  evasion trojan
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Indicator Removal: Clear Persistence
  remove IFEO.
  defense_evasion
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Winlogon Helper DLL

Event Triggered Execution

Image File Execution Options Injection

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Winlogon Helper DLL

Event Triggered Execution

Image File Execution Options Injection

Defense Evasion

Impair Defenses

Disable or Modify Tools

Indicator Removal

Clear Persistence

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryevasionpersistencetrojan

behavioral2

defense_evasiondiscoveryevasionpersistencetrojan