..
Click anywhere to stop
Click anywhere to stop
Class | Trojan |
Platform | Win32 |
Family | Agent |
Full name | Trojan.Win32.Agent.nevwjw |
Examples |
396E3AAE9A379D02232690FD73A9BDFE 49C36F0076E136708BAC974A0D649E79 F5BE42F5B367F30B739E4479FE408EA1 D4DC53EA30425016356193D209DF2870 528A08162147B0E7FD02F51A3C05091D |
Updated at | 2023-11-13 08:17:09 |
Tactics & techniques MITRE* |
TA0005 Defense EvasionThe adversary is trying to avoid being detected. Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics’ techniques are cross-listed here when those techniques include the added benefit of subverting defenses. T1036 MasqueradingAdversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Renaming abusable system utilities to evade security monitoring is also a form of Masquerading.(Citation: LOLBAS Main Site) Masquerading may also include the use of Proxy or VPNs to disguise IP addresses, which can allow adversaries to blend in with normal network traffic and bypass conditional access policies or anti-abuse protections. The adversary is trying to avoid being detected. Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics’ techniques are cross-listed here when those techniques include the added benefit of subverting defenses. T1070.006 Indicator Removal: TimestompAdversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
* © 2024 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.
Timestomping may be used along with file name Masquerading to hide malware and tools.(Citation: WindowsIR Anti-Forensic Techniques) |
Find out the statistics of the threats spreading in your region |