a34724574b8608308116557503792322d1b7aead2683db636c701462f99f5082 | Triage

Sharing

General

Target

a34724574b8608308116557503792322d1b7aead2683db636c701462f99f5082
Size

407KB
Sample

191025-1blc144gba
MD5

adad0db3c8e1c08531bc351999e341cc
SHA1

d7edc1bbd3ae3618a5dbdae57d3bd82f95d61e8b
SHA256

a34724574b8608308116557503792322d1b7aead2683db636c701462f99f5082
SHA512

107cd9ce01969be59dca9cc28a38723bdbd94018cd532298a531b794a18e020bb3a1de7ee7c634756d06b576ac0298d8e9300caf5514e5b24c3eae42ca7340d6

Score

10^/10

Malware Config

Targets

- Target
  
  a34724574b8608308116557503792322d1b7aead2683db636c701462f99f5082
- Size
  
  407KB
- MD5
  
  adad0db3c8e1c08531bc351999e341cc
- SHA1
  
  d7edc1bbd3ae3618a5dbdae57d3bd82f95d61e8b
- SHA256
  
  a34724574b8608308116557503792322d1b7aead2683db636c701462f99f5082
- SHA512
  
  107cd9ce01969be59dca9cc28a38723bdbd94018cd532298a531b794a18e020bb3a1de7ee7c634756d06b576ac0298d8e9300caf5514e5b24c3eae42ca7340d6
Score

10^/10
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Checks system information in the registry (likely anti-VM)
- Modifies service
  persistence
- Suspicious use of SetThreadContext
task1 task2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

task1

task2