Overview

overview

10

Static

static

3

851200cc4e...0N.exe

windows7-x64

10

851200cc4e...0N.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    851200cc4e513512b9bf430bd4364340N.exe

  • Size

    69KB

  • Sample

    240819-2tvtwazfrb

  • MD5

    851200cc4e513512b9bf430bd4364340

  • SHA1

    c6b80de6db602436a8d3df4bf82fe65916058c63

  • SHA256

    19fde9babcd7ea370c6dece3e0cfda9b2ff54337593419dd515d7747b6c3dcb4

  • SHA512

    63d2281927a6bcad4bc91f65ec72cefe3d1a9e08c03d198e068f9cc496aa12ce5381496a49469ba1253b4f3572f9e4f0538d75436ee7a512d45be19abcacd349

  • SSDEEP

    1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw8Oc:Olg35GTslA5t3/w8V

Score
10/10
defense_evasiondiscoveryevasionpersistencetrojan

Malware Config

Targets

    • Target

      851200cc4e513512b9bf430bd4364340N.exe

    • Size

      69KB

    • MD5

      851200cc4e513512b9bf430bd4364340

    • SHA1

      c6b80de6db602436a8d3df4bf82fe65916058c63

    • SHA256

      19fde9babcd7ea370c6dece3e0cfda9b2ff54337593419dd515d7747b6c3dcb4

    • SHA512

      63d2281927a6bcad4bc91f65ec72cefe3d1a9e08c03d198e068f9cc496aa12ce5381496a49469ba1253b4f3572f9e4f0538d75436ee7a512d45be19abcacd349

    • SSDEEP

      1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw8Oc:Olg35GTslA5t3/w8V

    Score
    10/10
    defense_evasiondiscoveryevasionpersistencetrojan

    • Windows security bypass

      evasiontrojan

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

      persistence

    • Event Triggered Execution: Image File Execution Options Injection

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Indicator Removal: Clear Persistence

      remove IFEO.

      defense_evasion

    • Modifies WinLogon

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks