Overview

overview

10

Static

static

56ad1418f4...17.exe

windows7_x64

10

56ad1418f4...17.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    56ad1418f470bc5e6667574e054649d85cbb1242818baf62a294bdfca90df717

  • Size

    704KB

  • Sample

    210513-vf3sjzfnnx

  • MD5

    e7f9d6dd424f33059dda93a35ab3f69c

  • SHA1

    617c2988a2149f71c185d0e5f2f0a3a2f31225ec

  • SHA256

    56ad1418f470bc5e6667574e054649d85cbb1242818baf62a294bdfca90df717

  • SHA512

    cd24b7603efa82f0cda296bddb96e6361c73de071545ab59e51ce779ceda87e85dce8b97edd12be06a8ec0b743629673360150e67f3ccec618bd14b22e5826fd

Score
10/10
evasionpersistencetrojan

Malware Config

Targets

    • Target

      56ad1418f470bc5e6667574e054649d85cbb1242818baf62a294bdfca90df717

    • Size

      704KB

    • MD5

      e7f9d6dd424f33059dda93a35ab3f69c

    • SHA1

      617c2988a2149f71c185d0e5f2f0a3a2f31225ec

    • SHA256

      56ad1418f470bc5e6667574e054649d85cbb1242818baf62a294bdfca90df717

    • SHA512

      cd24b7603efa82f0cda296bddb96e6361c73de071545ab59e51ce779ceda87e85dce8b97edd12be06a8ec0b743629673360150e67f3ccec618bd14b22e5826fd

    Score
    10/10
    evasionpersistencetrojan

    • Modifies WinLogon for persistence

      persistence

    • UAC bypass

      evasiontrojan

    • Adds policy Run key to start application

      persistence

    • Disables RegEdit via registry modification

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks