81d3b5c3abd888345da43a96a2b9c6e70769317b5f738f1ef2e45f800c1412ec | Triage

Sharing

General

Target

81d3b5c3abd888345da43a96a2b9c6e70769317b5f738f1ef2e45f800c1412ecN
Size

71KB
Sample

240919-gm4g8athlq
MD5

91e7ea17217219ae6ff5e247a80486d0
SHA1

67256a5f430a8f92745107bd607058c0360dc962
SHA256

81d3b5c3abd888345da43a96a2b9c6e70769317b5f738f1ef2e45f800c1412ec
SHA512

2b784d1f8ef7155d84d39aa10ccb83f18caea5f7c1b34de285386aee881e401f75fb2ea98b07c24fbfa6f90f5bba8c452cd7de5ad2f59c1078d1384df760cedc
SSDEEP

1536:xCbu2+qEzyX/vh4K+AI5JZC17KNfMCIG3nc3ij/OVVhcEnYJhy:gu2+qEzyX/vh4K+AI5JZCMNbI2nSiDOJ

Score

10^/10

defense_evasion discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  81d3b5c3abd888345da43a96a2b9c6e70769317b5f738f1ef2e45f800c1412ecN
- Size
  
  71KB
- MD5
  
  91e7ea17217219ae6ff5e247a80486d0
- SHA1
  
  67256a5f430a8f92745107bd607058c0360dc962
- SHA256
  
  81d3b5c3abd888345da43a96a2b9c6e70769317b5f738f1ef2e45f800c1412ec
- SHA512
  
  2b784d1f8ef7155d84d39aa10ccb83f18caea5f7c1b34de285386aee881e401f75fb2ea98b07c24fbfa6f90f5bba8c452cd7de5ad2f59c1078d1384df760cedc
- SSDEEP
  
  1536:xCbu2+qEzyX/vh4K+AI5JZC17KNfMCIG3nc3ij/OVVhcEnYJhy:gu2+qEzyX/vh4K+AI5JZCMNbI2nSiDOJ
Score

10^/10

defense_evasion discovery evasion persistence trojan
- Windows security bypass
  evasion trojan
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Indicator Removal: Clear Persistence
  remove IFEO.
  defense_evasion
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Winlogon Helper DLL

Event Triggered Execution

Image File Execution Options Injection

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Winlogon Helper DLL

Event Triggered Execution

Image File Execution Options Injection

Defense Evasion

Impair Defenses

Disable or Modify Tools

Indicator Removal

Clear Persistence

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryevasionpersistencetrojan

behavioral2

defense_evasiondiscoveryevasionpersistencetrojan