Overview

overview

10

Static

static

SecuriteIn...17.exe

windows7_x64

10

SecuriteIn...17.exe

windows10_x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Trojan.GenericKD.43569931.17547.14217

  • Size

    531KB

  • Sample

    200801-m1bxavdzhx

  • MD5

    17e2541126192fb39fcfd63c4ea3308a

  • SHA1

    468cc15e755e368bc56c779ac801a95dffd6c4a9

  • SHA256

    a1bf9a7b8d6dd555ea81443658567d3d5cd91cdf57ccdbaf9557db1531349f64

  • SHA512

    8b9ad5da4ff25611e5d3cc1d7645a7ac9ea6b6c1e1f1dfb1953cd3c4fbd5cf3f5e86e1cf38a01aad787848eaa421ef7f1d242bc40a0567071143e53cb25df84c

Score
10/10
evasiontrojan

Malware Config

Targets

    • Target

      SecuriteInfo.com.Trojan.GenericKD.43569931.17547.14217

    • Size

      531KB

    • MD5

      17e2541126192fb39fcfd63c4ea3308a

    • SHA1

      468cc15e755e368bc56c779ac801a95dffd6c4a9

    • SHA256

      a1bf9a7b8d6dd555ea81443658567d3d5cd91cdf57ccdbaf9557db1531349f64

    • SHA512

      8b9ad5da4ff25611e5d3cc1d7645a7ac9ea6b6c1e1f1dfb1953cd3c4fbd5cf3f5e86e1cf38a01aad787848eaa421ef7f1d242bc40a0567071143e53cb25df84c

    Score
    10/10
    evasiontrojan

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Windows security modification

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Disabling Security Tools

2
T1089

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks