461add8a256e74ca872b6eccd281fc9026ff8a24900eaf4a27267e189ddec67b | Triage

Sharing

General

Target

461add8a256e74ca872b6eccd281fc9026ff8a24900eaf4a27267e189ddec67b
Size

130KB
Sample

191025-pzkgezzrxa
MD5

cdfe5eeec1d30669f726c46f9e5b457e
SHA1

1233e7dea7b8672246c75fc740c722ea06e7857b
SHA256

461add8a256e74ca872b6eccd281fc9026ff8a24900eaf4a27267e189ddec67b
SHA512

61f96a2394f7fc6eacfae192f8acda0cff49115599492bac4bcb6f749d7fc55dc997db87f1643c35f0a77dc8cad823988de5d9a1ae572f1fef00aeb9ffdbe4c7

Score

8^/10

Malware Config

Targets

- Target
  
  461add8a256e74ca872b6eccd281fc9026ff8a24900eaf4a27267e189ddec67b
- Size
  
  130KB
- MD5
  
  cdfe5eeec1d30669f726c46f9e5b457e
- SHA1
  
  1233e7dea7b8672246c75fc740c722ea06e7857b
- SHA256
  
  461add8a256e74ca872b6eccd281fc9026ff8a24900eaf4a27267e189ddec67b
- SHA512
  
  61f96a2394f7fc6eacfae192f8acda0cff49115599492bac4bcb6f749d7fc55dc997db87f1643c35f0a77dc8cad823988de5d9a1ae572f1fef00aeb9ffdbe4c7
Score

8^/10
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Checks system information in the registry (likely anti-VM)
- Modifies service
  persistence
task1 task2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

task1

task2