ee7e97a138919f82d0161cea181a245cd18b5b5af6f7ead3a79d471faff1c712 | Triage

Submit
Reports

Overview

overview

Static

static

Quote_4589...00.exe

windows7_x64

Quote_4589...00.exe

windows10_x64

3

Sharing

General

Target

Quote_45893216_33661100.zip
Size

19KB
Sample

210421-8ff9x3q9ds
MD5

d686d901b643c73fc0f5e513866c7f26
SHA1

e5ebfa73ae95f090c9f741a4c01eb47adedd8c79
SHA256

ee7e97a138919f82d0161cea181a245cd18b5b5af6f7ead3a79d471faff1c712
SHA512

eaf3a80cc9199b76ba8447fcf2ab0d2cd41366cc60d01585c9dc1355d7d683cfa8ce62a8d663b464bff5ffecacac45ac45598a25c070c2200299cb3217b440aa

Score

10^/10

evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

Quote_45893216_33661100.exe

Resource

win7v20210410

evasion persistence trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Quote_45893216_33661100.exe

Resource

win10v20210408

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Quote_45893216_33661100.exe
- Size
  
  41KB
- MD5
  
  49472c72b43392ff15b276e7fa2b06f0
- SHA1
  
  2f477723cff77c758e3e7e523956fd2a40230559
- SHA256
  
  183deb437b9c1908c61337b4e8cd2dc24625a542a57f5165ac0022da0a67751a
- SHA512
  
  e9615b0f6861dcbd196e1620f289e80f0ad0efafb78417d0c4cd5b354a2cdbb198c9c49e5f6d93fc042cb6c28857605a4e8cfb67435261571f3f569220bd2f58
Score

10^/10

evasion persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Looks for VirtualBox Guest Additions in registry
  evasion
- Nirsoft
- Executes dropped EXE
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops startup file
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Modify Registry

Disabling Security Tools

Bypass User Account Control

Virtualization/Sandbox Evasion

Install Root Certificate

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

© 2018-2024

Terms | Privacy