e2eff8f77c2c78eb9d5a78fe42a208602e1d3bcb2c7d47ab0c2952d8d78fde24 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e2eff8f77c2c78eb9d5a78fe42a208602e1d3bcb2c7d47ab0c2952d8d78fde24
Size

45KB
Sample

240928-dh42eawdpa
MD5

f5a571bdf9c3e66edd268ba81dfbfd64
SHA1

bcad3cfe2840b007913198b5863c414461b2ed85
SHA256

e2eff8f77c2c78eb9d5a78fe42a208602e1d3bcb2c7d47ab0c2952d8d78fde24
SHA512

147ef790414ed65197045de58cedd3158637ea5203b3a903b470a3f016cf08d653f394e3f4080f59c3ca389308f0a323250702ad0cdc45cb3d99840f4859a957
SSDEEP

768:WAUJmQCcmLCXQq6fsKiJYsIkjJVzqsVG5kuGVAQvRWrE54:RUNHFKQbIkHvGkAzm4

Score

10^/10

defense_evasion discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  e2eff8f77c2c78eb9d5a78fe42a208602e1d3bcb2c7d47ab0c2952d8d78fde24
- Size
  
  45KB
- MD5
  
  f5a571bdf9c3e66edd268ba81dfbfd64
- SHA1
  
  bcad3cfe2840b007913198b5863c414461b2ed85
- SHA256
  
  e2eff8f77c2c78eb9d5a78fe42a208602e1d3bcb2c7d47ab0c2952d8d78fde24
- SHA512
  
  147ef790414ed65197045de58cedd3158637ea5203b3a903b470a3f016cf08d653f394e3f4080f59c3ca389308f0a323250702ad0cdc45cb3d99840f4859a957
- SSDEEP
  
  768:WAUJmQCcmLCXQq6fsKiJYsIkjJVzqsVG5kuGVAQvRWrE54:RUNHFKQbIkHvGkAzm4
Score

10^/10

defense_evasion discovery evasion persistence trojan
- Windows security bypass
  evasion trojan
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Drops file in Drivers directory
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Indicator Removal: Clear Persistence
  remove IFEO.
  defense_evasion
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Winlogon Helper DLL

Event Triggered Execution

Image File Execution Options Injection

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Winlogon Helper DLL

Event Triggered Execution

Image File Execution Options Injection

Defense Evasion

Impair Defenses

Disable or Modify Tools

Indicator Removal

Clear Persistence

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryevasionpersistencetrojan

behavioral2

defense_evasiondiscoveryevasionpersistencetrojan