9c23ff455d1025036ee79d4db881f41910d7db4be5aa00464096cd10a21edd05 | Triage

Sharing

General

Target

gdifuncs.exe
Size

5.5MB
Sample

240929-ygrpxaxemn
MD5

595dc45fb94484094c8a27639f9f5738
SHA1

87e683d77617e670ddadc8bd9d2578044a2cfe0b
SHA256

9c23ff455d1025036ee79d4db881f41910d7db4be5aa00464096cd10a21edd05
SHA512

fb3bc6501b386ba33c5078d3987f9f5bb597db3a326952e3b9de8a8a67b9dd5e0cd6e7d6b7a608eddcf0fc8b6bb1822ba333ae437e5591836548a0477d29326a
SSDEEP

98304:HQz+04D+i4DBz2NHlruSSDllNmd+5z/Le7q2//Le7q2:HQS04D+i4DZmLclKez/Lkq4/Lkq

Score

10^/10

discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  gdifuncs.exe
- Size
  
  5.5MB
- MD5
  
  595dc45fb94484094c8a27639f9f5738
- SHA1
  
  87e683d77617e670ddadc8bd9d2578044a2cfe0b
- SHA256
  
  9c23ff455d1025036ee79d4db881f41910d7db4be5aa00464096cd10a21edd05
- SHA512
  
  fb3bc6501b386ba33c5078d3987f9f5bb597db3a326952e3b9de8a8a67b9dd5e0cd6e7d6b7a608eddcf0fc8b6bb1822ba333ae437e5591836548a0477d29326a
- SSDEEP
  
  98304:HQz+04D+i4DBz2NHlruSSDllNmd+5z/Le7q2//Le7q2:HQS04D+i4DZmLclKez/Lkq4/Lkq
Score

10^/10

discovery evasion persistence trojan
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojan