850ab8907999eb164044ddf865fdeb33cb83259a12cbf0e4d005944f4e39d043 | Triage

Sharing

General

Target

850ab8907999eb164044ddf865fdeb33cb83259a12cbf0e4d005944f4e39d043N
Size

69KB
Sample

240920-wbsnxayflf
MD5

9afdde19bdb7eeab0d121c2e1ea863d0
SHA1

ce9acc628acd22e462062991238c3ac954d04a7a
SHA256

850ab8907999eb164044ddf865fdeb33cb83259a12cbf0e4d005944f4e39d043
SHA512

689cfa1163c1469f93c4b05f54291a7429941bda287f09af8bf476614c944744e4eb63c045c7b4962f1f7d8c487943b7f1ca2cacc882cfae9c6d811423cfe309
SSDEEP

1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw8FW+:Olg35GTslA5t3/w8z

Score

10^/10

defense_evasion discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  850ab8907999eb164044ddf865fdeb33cb83259a12cbf0e4d005944f4e39d043N
- Size
  
  69KB
- MD5
  
  9afdde19bdb7eeab0d121c2e1ea863d0
- SHA1
  
  ce9acc628acd22e462062991238c3ac954d04a7a
- SHA256
  
  850ab8907999eb164044ddf865fdeb33cb83259a12cbf0e4d005944f4e39d043
- SHA512
  
  689cfa1163c1469f93c4b05f54291a7429941bda287f09af8bf476614c944744e4eb63c045c7b4962f1f7d8c487943b7f1ca2cacc882cfae9c6d811423cfe309
- SSDEEP
  
  1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw8FW+:Olg35GTslA5t3/w8z
Score

10^/10

defense_evasion discovery evasion persistence trojan
- Windows security bypass
  evasion trojan
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Indicator Removal: Clear Persistence
  remove IFEO.
  defense_evasion
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Winlogon Helper DLL

Event Triggered Execution

Image File Execution Options Injection

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Winlogon Helper DLL

Event Triggered Execution

Image File Execution Options Injection

Defense Evasion

Impair Defenses

Disable or Modify Tools

Indicator Removal

Clear Persistence

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryevasionpersistencetrojan

behavioral2

defense_evasiondiscoveryevasionpersistencetrojan