4d07a2b0ebb01f02421f61ad6bd0a931c1e1d3c8803467193e66f4a58b0b93d4 | Triage

Sharing

General

Target

4d07a2b0ebb01f02421f61ad6bd0a931c1e1d3c8803467193e66f4a58b0b93d4
Size

12.5MB
Sample

241126-m1hessvjdr
MD5

2c30f292a8d28a0e496bc8ff068e95aa
SHA1

39f45ee2f8ed727630f60878a4bd8391a7b1dbe5
SHA256

4d07a2b0ebb01f02421f61ad6bd0a931c1e1d3c8803467193e66f4a58b0b93d4
SHA512

fc09bef73f366354a206d8d33250fe8d4934d45c791e0909e2091f7f2db01f55ad0d8a888866eedec992dda481f38cdb6470b2e08f0791525220f0e6a534b445
SSDEEP

196608:3WxUHB2XJmZ7JVPvmlwlkGWRd1IS+1nZSOwJ3Y7ao5aN1a7CEfGGcXNm:3WxUhLPmlGAdeSO8Owtmgo7CEn8g

Score

10^/10

defense_evasion discovery evasion exploit persistence trojan

Malware Config

Targets

- Target
  
  4d07a2b0ebb01f02421f61ad6bd0a931c1e1d3c8803467193e66f4a58b0b93d4
- Size
  
  12.5MB
- MD5
  
  2c30f292a8d28a0e496bc8ff068e95aa
- SHA1
  
  39f45ee2f8ed727630f60878a4bd8391a7b1dbe5
- SHA256
  
  4d07a2b0ebb01f02421f61ad6bd0a931c1e1d3c8803467193e66f4a58b0b93d4
- SHA512
  
  fc09bef73f366354a206d8d33250fe8d4934d45c791e0909e2091f7f2db01f55ad0d8a888866eedec992dda481f38cdb6470b2e08f0791525220f0e6a534b445
- SSDEEP
  
  196608:3WxUHB2XJmZ7JVPvmlwlkGWRd1IS+1nZSOwJ3Y7ao5aN1a7CEfGGcXNm:3WxUhLPmlGAdeSO8Owtmgo7CEn8g
Score

10^/10

defense_evasion discovery evasion exploit persistence trojan
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Possible privilege escalation attempt
  exploit
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- File and Directory Permissions Modification: Windows File and Directory Permissions Modification
  defense_evasion
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

File and Directory Permissions Modification

Windows File and Directory Permissions Modification

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

defense_evasiondiscoveryevasionexploitpersistencetrojan