5e9c621c4b78cc9b9e5ea37aaf161c0e41335c334c8e29a043a7ff47bff479be | Triage

Resubmissions

11-12-2024 16:01

241211-tf61zszkez 10

18-02-2024 14:57

240218-sbkrhsca46 10

Sharing

General

Target

ItachiNoSleep.7z
Size

11.0MB
Sample

241211-tf61zszkez
MD5

b81d881a4bd4ad9ae1231185caa6b1b4
SHA1

61956338dcd1358e484c3563fb57b7ec2b3620d7
SHA256

5e9c621c4b78cc9b9e5ea37aaf161c0e41335c334c8e29a043a7ff47bff479be
SHA512

183f136fd67162501fd18d5ffe43fc5608fa2b926eed089bee5a4c881436f310e903f9ceefcd82875e970c2ff840a147f725d94ef784986ac3858a3fdea39a78
SSDEEP

196608:WFbbwhzhoIOgdpgEOGPSyGqtjwIaY+Dgye5TIfPBp6Wkhs+Tu3:UIhhOg/ChqmYytATE/XyTu3

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  ItachiNoSleep.exe
- Size
  
  29.4MB
- MD5
  
  0736b49f07b6ad466ced7d95d6e0f303
- SHA1
  
  77d4af83b2a288771676ebdbeea8755f5825409d
- SHA256
  
  43bf2f36a8da283a7bf5288822fdade5f2f5e420c01c840352162defdbce22e3
- SHA512
  
  1ae1229bb306ab7ed290d074f02f10d67d00d82cd1805fe53aa42f2615b297e7a8671c2694ee9d8d180b28a5686cac3dd516a5840e3fbcefd3c904de10a228e7
- SSDEEP
  
  786432:b/9ozzOd+SlaO70TskW0nf0p3w9ozzOd+SlaO70TskW0nf0p3e:JozzM+wBITe0cpmozzM+wBITe0cp
Score

10^/10

evasion persistence trojan
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Modifies system executable filetype association
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Event Triggered Execution

Change Default File Association

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Winlogon Helper DLL

Event Triggered Execution

Change Default File Association

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan