84f2fd8889ec1540fce9731e5ec852d4bf2eec7d71b74a0f38c09e001db12b67 | Triage

Sharing

General

Target

84f2fd8889ec1540fce9731e5ec852d4bf2eec7d71b74a0f38c09e001db12b67
Size

294KB
Sample

191025-bxe5f8pxxe
MD5

a5dc467f82e6cbbdf6d43c7d21f530d1
SHA1

e86ed1f8e2d4856630bb306597d137a1bb1235f2
SHA256

84f2fd8889ec1540fce9731e5ec852d4bf2eec7d71b74a0f38c09e001db12b67
SHA512

4c85db5a0dc5e68ec0cedaf74fa7133aca71541e545a7b7c7e4af9576e08ad91c31f4617deb7f32e35d71c893d7f79672cd8e6dcc3e90ce4f9951ef09de9337c

Score

10^/10

Malware Config

Targets

- Target
  
  84f2fd8889ec1540fce9731e5ec852d4bf2eec7d71b74a0f38c09e001db12b67
- Size
  
  294KB
- MD5
  
  a5dc467f82e6cbbdf6d43c7d21f530d1
- SHA1
  
  e86ed1f8e2d4856630bb306597d137a1bb1235f2
- SHA256
  
  84f2fd8889ec1540fce9731e5ec852d4bf2eec7d71b74a0f38c09e001db12b67
- SHA512
  
  4c85db5a0dc5e68ec0cedaf74fa7133aca71541e545a7b7c7e4af9576e08ad91c31f4617deb7f32e35d71c893d7f79672cd8e6dcc3e90ce4f9951ef09de9337c
Score

10^/10
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks processor name in registry (likely anti-VM)
- Loads dropped DLL
- Program crash
- Windows security modification
  evasion trojan
- Modifies system certificate store
  evasion spyware trojan
- Checks system information in the registry (likely anti-VM)
- Modifies service
  persistence
- Suspicious use of SetThreadContext
task1 task2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Disabling Security Tools

Install Root Certificate

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

task1

task2