7f63a4a5b89d5e303a2af0ceafba3708543d058ece827856e3c0c147aa06c941 | Triage

Sharing

General

Target

Insta.exe
Size

12.8MB
Sample

241126-n3s5raznas
MD5

4c3ace9241d17ae64a93f313fb4392eb
SHA1

6f19e4994302965abfb6442c822072737c74f20e
SHA256

7f63a4a5b89d5e303a2af0ceafba3708543d058ece827856e3c0c147aa06c941
SHA512

f913ab2726661193a54e2b2750c96427d0cb4624aa415e2642fdb3fee5685d2c4053521e1ec47c08bd4aaf61290e46e5a918b30de65f95cad988f7797e8128a5
SSDEEP

196608:K4MYg6ZcRQPJcDpkPGnIeA842sIWk/PSF+FqzmFRE+jeqUf9XDLlh5e67Ueno7FU:K4VoRQP+DpkPW9q8qkRE+CquDJCbrJU

Score

10^/10

defense_evasion discovery evasion execution exploit persistence trojan

Malware Config

Targets

- Target
  
  Insta.exe
- Size
  
  12.8MB
- MD5
  
  4c3ace9241d17ae64a93f313fb4392eb
- SHA1
  
  6f19e4994302965abfb6442c822072737c74f20e
- SHA256
  
  7f63a4a5b89d5e303a2af0ceafba3708543d058ece827856e3c0c147aa06c941
- SHA512
  
  f913ab2726661193a54e2b2750c96427d0cb4624aa415e2642fdb3fee5685d2c4053521e1ec47c08bd4aaf61290e46e5a918b30de65f95cad988f7797e8128a5
- SSDEEP
  
  196608:K4MYg6ZcRQPJcDpkPGnIeA842sIWk/PSF+FqzmFRE+jeqUf9XDLlh5e67Ueno7FU:K4VoRQP+DpkPW9q8qkRE+CquDJCbrJU
Score

10^/10

defense_evasion discovery evasion execution exploit persistence trojan
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Blocks application from running via registry modification
  Adds application to list of disallowed applications.
  evasion
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Possible privilege escalation attempt
  exploit
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- File and Directory Permissions Modification: Windows File and Directory Permissions Modification
  defense_evasion
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Account Manipulation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Account Manipulation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

File and Directory Permissions Modification

Windows File and Directory Permissions Modification

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Permission Groups Discovery

Local Groups

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

defense_evasiondiscoveryevasionexecutionexploitpersistencetrojan