0e892037eaa1fd8e0b435a176fd996044a17f14b2c6a7a55a8674192843f7c9f | Triage

Sharing

General

Target

5511834808385536.zip
Size

40KB
Sample

200406-s1z4vfbsje
MD5

0a2ad5d024ff8abac7e1a34304583964
SHA1

b6e3962db13f30cde5a5d707fbf598ecbbfeb645
SHA256

0e892037eaa1fd8e0b435a176fd996044a17f14b2c6a7a55a8674192843f7c9f
SHA512

8dedc315c0f9ee23112f4770d98789b5f5cb0204c587c8b1c03305ebb193fcee1b2d230325b4001415b3ade36fe9a5ef7c4263b40673fc4facd5de7d01d1f363

Score

8^/10

evasion persistence spreading trojan

Malware Config

Targets

- Target
  
  485731953357c358a63d27adb2740b43cd12a647b26aaa4672ae269b07dbcdbf
- Size
  
  106KB
- MD5
  
  8c7ba09e5e8a46926f2e9233c2cbf3c5
- SHA1
  
  29b031dc4829b82bc35382ed3b00202653af6eee
- SHA256
  
  485731953357c358a63d27adb2740b43cd12a647b26aaa4672ae269b07dbcdbf
- SHA512
  
  43bce0b80179d2d859c7fd93c69b6ce012ef81038f4a838a6d5357fa37215c395da740ce22b9db3dcd836ad347c16a3b5c2bf62dd57e1c78457b3d2ef2282305
Score

8^/10

evasion persistence spreading trojan
- Disables Task Manager via registry modification
  evasion
- Modifies Windows Firewall
  evasion
- Drops startup file
- Drops autorun.inf file
  spreading trojan
- Modifies service
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistencespreadingtrojan

behavioral2

evasionspreadingtrojan