401f0aa3c082c4dd449df4fd8333be8c2454f63fe9ffeb97da7c2ca6407c4c16 | Triage

Sharing

General

Target

Trojan.Win32.Blihan.pz-401f0aa3c082c4dd449df4fd8333be8c2454f63fe9ffeb97da7c2ca6407c4c16N
Size

45KB
Sample

240919-de471axerq
MD5

892cd43afe0790425b108a191aeae870
SHA1

bffb9b0606b359f5ef8852a1fc9fa9f8b72eb273
SHA256

401f0aa3c082c4dd449df4fd8333be8c2454f63fe9ffeb97da7c2ca6407c4c16
SHA512

17ca497f4689947c18dc1af84e7f4474df93f53d3d2d10791bec64abbc892a12d43b5576b62ff9565254e217e7bfd625786eae4dfa4e3c4395b509816a2a11c5
SSDEEP

768:DqPJtsA6C1VqahohtgVRNToV7TtRu8rM0wYVFl2g5coW58dO0xXHV2EfKYfdhNhC:DqMA6C1VqaqhtgVRNToV7TtRu8rM0wYi

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  Trojan.Win32.Blihan.pz-401f0aa3c082c4dd449df4fd8333be8c2454f63fe9ffeb97da7c2ca6407c4c16N
- Size
  
  45KB
- MD5
  
  892cd43afe0790425b108a191aeae870
- SHA1
  
  bffb9b0606b359f5ef8852a1fc9fa9f8b72eb273
- SHA256
  
  401f0aa3c082c4dd449df4fd8333be8c2454f63fe9ffeb97da7c2ca6407c4c16
- SHA512
  
  17ca497f4689947c18dc1af84e7f4474df93f53d3d2d10791bec64abbc892a12d43b5576b62ff9565254e217e7bfd625786eae4dfa4e3c4395b509816a2a11c5
- SSDEEP
  
  768:DqPJtsA6C1VqahohtgVRNToV7TtRu8rM0wYVFl2g5coW58dO0xXHV2EfKYfdhNhC:DqMA6C1VqaqhtgVRNToV7TtRu8rM0wYi
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence