75667fda1b99708d9fa4ca8a7c9ea246fa2e2c8d27411d623a140e6cb25b4fe8 | Triage

Resubmissions

28/09/2024, 13:46

240928-q24k7syekm 4

28/09/2024, 13:45

240928-q2k4vsydrn 3

28/09/2024, 13:44

240928-q17w8sydqk 1

28/09/2024, 13:44

240928-q1yzbs1flc 3

28/09/2024, 13:43

240928-q1lc8sydmq 4

28/09/2024, 13:42

240928-qz5eqaydlm 3

28/09/2024, 13:38

240928-qxplgs1dqd 10

Sharing

Copy URL Twitter E-mail

General

Target

redirect
Size

6KB
Sample

240928-qxplgs1dqd
MD5

bd9e3fc472b9cfba5669f127d0bf9e5a
SHA1

b8e11d3a3278e0cc5ac14d77aad5689e2fa7ae48
SHA256

75667fda1b99708d9fa4ca8a7c9ea246fa2e2c8d27411d623a140e6cb25b4fe8
SHA512

c5fd75c6c945e07dd6edafeb0b17ac69ffc4a51cbe0ab96a346e394a8eeac99da330b7ca364bfa1ea4235ed33e79fcab1635ff824aad154b8a52a4c9b359c066
SSDEEP

192:dRHLxX7777/77QF79yrD0Lod4BYCIkIOOXM6:dRr5HYo0+CIkIOOX5

Score

10^/10

discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  redirect
- Size
  
  6KB
- MD5
  
  bd9e3fc472b9cfba5669f127d0bf9e5a
- SHA1
  
  b8e11d3a3278e0cc5ac14d77aad5689e2fa7ae48
- SHA256
  
  75667fda1b99708d9fa4ca8a7c9ea246fa2e2c8d27411d623a140e6cb25b4fe8
- SHA512
  
  c5fd75c6c945e07dd6edafeb0b17ac69ffc4a51cbe0ab96a346e394a8eeac99da330b7ca364bfa1ea4235ed33e79fcab1635ff824aad154b8a52a4c9b359c066
- SSDEEP
  
  192:dRHLxX7777/77QF79yrD0Lod4BYCIkIOOXM6:dRr5HYo0+CIkIOOX5
Score

10^/10

discovery evasion persistence trojan
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojan