fc54b3fa585ed5f0ba2e4bcb35fef5efab3047fda88faf4f929edf6906e96e8a | Triage

Sharing

General

Target

sa.bat
Size

4KB
Sample

241001-qqpmxawapd
MD5

fa632469970851bea61bc599f60804ab
SHA1

8c25b218fe42577c7f7da82a90f1c302aadb934e
SHA256

fc54b3fa585ed5f0ba2e4bcb35fef5efab3047fda88faf4f929edf6906e96e8a
SHA512

df7a1ff63ad4116f11728d7eb2cc11c7e4bba5bcc2f250885d491efa370be3eef2e320665bfae17856549640556d94b49d6bd063155966059c53854391e7c6af
SSDEEP

96:tT2T93BJmEAyKe6tfRywHBA4FOzm6z1f+7Sc6Hks8:vrRtfphWmcOSG

Score

10^/10

evasion trojan

Malware Config

Targets

- Target
  
  sa.bat
- Size
  
  4KB
- MD5
  
  fa632469970851bea61bc599f60804ab
- SHA1
  
  8c25b218fe42577c7f7da82a90f1c302aadb934e
- SHA256
  
  fc54b3fa585ed5f0ba2e4bcb35fef5efab3047fda88faf4f929edf6906e96e8a
- SHA512
  
  df7a1ff63ad4116f11728d7eb2cc11c7e4bba5bcc2f250885d491efa370be3eef2e320665bfae17856549640556d94b49d6bd063155966059c53854391e7c6af
- SSDEEP
  
  96:tT2T93BJmEAyKe6tfRywHBA4FOzm6z1f+7Sc6Hks8:vrRtfphWmcOSG
Score

10^/10

evasion trojan
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- UAC bypass
  evasion trojan
- Disables Task Manager via registry modification
  evasion
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Scheduled Task/Job

Scheduled Task

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4