78506861635b537bdfd939c5fad8265ee1e0153c59aabac5d3aad5da8b9d8aaa | Triage

Sharing

General

Target

BankCopy672335.jar
Size

406KB
Sample

200630-jvsl8rfcl6
MD5

ca5d430caea361879fcfb90e54cc2510
SHA1

8be576b34f77727f67c2c3ba8d26b425ff673122
SHA256

78506861635b537bdfd939c5fad8265ee1e0153c59aabac5d3aad5da8b9d8aaa
SHA512

02f0324a5e428819de8c30e862da1bbd328ec532a9097305795418293b935e3ea0af5c71ba1df4429db0ab5b9636fdfa8170002c193abb8805d031c6b872faa6

Score

10^/10

discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  BankCopy672335.jar
- Size
  
  406KB
- MD5
  
  ca5d430caea361879fcfb90e54cc2510
- SHA1
  
  8be576b34f77727f67c2c3ba8d26b425ff673122
- SHA256
  
  78506861635b537bdfd939c5fad8265ee1e0153c59aabac5d3aad5da8b9d8aaa
- SHA512
  
  02f0324a5e428819de8c30e862da1bbd328ec532a9097305795418293b935e3ea0af5c71ba1df4429db0ab5b9636fdfa8170002c193abb8805d031c6b872faa6
Score

10^/10

persistence evasion trojan discovery
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Disables Task Manager via registry modification
  evasion
- Disables use of System Restore points
  evasion
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Adds Run entry to start application
  persistence
- Checks for installed software on the system
  discovery
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Hidden Files and Directories

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

persistenceevasiontrojandiscovery

behavioral2

persistenceevasiontrojandiscovery