016eebc24c9da60e08096d2f6ca7ee879bd0212be72760c22532b09443f8d0f9 | Triage

Sharing

General

Target

Insta乗っ取り.exe
Size

12.5MB
Sample

241126-nq9lzawjhp
MD5

06f0660faa94e434e6c02f6b0ffbbec1
SHA1

df4cba0735df4ba2b6c3921d5c47fecdba1335d7
SHA256

016eebc24c9da60e08096d2f6ca7ee879bd0212be72760c22532b09443f8d0f9
SHA512

5cc8a0c21e7e0024af04b2406c1944d5b761eee588a304b921cf8f0b8e45d0519af5560a91302896f4f9dd3c234750f15f9de0113f0e3484d672c168e27a9590
SSDEEP

393216:jDrp4LWxJf5c5e/hz9sCoXD10+apgyVB:jDyyxJfa5ihz9sl10hn

Score

10^/10

defense_evasion discovery evasion execution exploit persistence trojan

Malware Config

Targets

- Target
  
  Insta乗っ取り.exe
- Size
  
  12.5MB
- MD5
  
  06f0660faa94e434e6c02f6b0ffbbec1
- SHA1
  
  df4cba0735df4ba2b6c3921d5c47fecdba1335d7
- SHA256
  
  016eebc24c9da60e08096d2f6ca7ee879bd0212be72760c22532b09443f8d0f9
- SHA512
  
  5cc8a0c21e7e0024af04b2406c1944d5b761eee588a304b921cf8f0b8e45d0519af5560a91302896f4f9dd3c234750f15f9de0113f0e3484d672c168e27a9590
- SSDEEP
  
  393216:jDrp4LWxJf5c5e/hz9sCoXD10+apgyVB:jDyyxJfa5ihz9sl10hn
Score

10^/10

defense_evasion discovery evasion execution exploit persistence trojan
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Blocks application from running via registry modification
  Adds application to list of disallowed applications.
  evasion
- Disables Task Manager via registry modification
  evasion
- Possible privilege escalation attempt
  exploit
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- File and Directory Permissions Modification: Windows File and Directory Permissions Modification
  defense_evasion
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

File and Directory Permissions Modification

Windows File and Directory Permissions Modification

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryevasionexecutionexploitpersistencetrojan