b266716ff41ca7d2a05994174c5f75083081c9dfd5b6fb8abb7f2a7c0e373950 | Triage

Sharing

General

Target

b266716ff41ca7d2a05994174c5f75083081c9dfd5b6fb8abb7f2a7c0e373950
Size

603KB
Sample

220520-2v5epsgah4
MD5

202a640b5da9a32d7050cf39eb0f7726
SHA1

d499984e6bd951514997ded82485e10844b329f6
SHA256

b266716ff41ca7d2a05994174c5f75083081c9dfd5b6fb8abb7f2a7c0e373950
SHA512

20d46542201adab3da36a971f35cee594036ec3164bc990f9b7bba3b8a8d82c69e323a7b445b9a4045e4e3266e70e1b885d7c78e30ca34bdb111b2966ddb41c0

Score

10^/10

evasion trojan

Malware Config

Targets

- Target
  
  b266716ff41ca7d2a05994174c5f75083081c9dfd5b6fb8abb7f2a7c0e373950
- Size
  
  603KB
- MD5
  
  202a640b5da9a32d7050cf39eb0f7726
- SHA1
  
  d499984e6bd951514997ded82485e10844b329f6
- SHA256
  
  b266716ff41ca7d2a05994174c5f75083081c9dfd5b6fb8abb7f2a7c0e373950
- SHA512
  
  20d46542201adab3da36a971f35cee594036ec3164bc990f9b7bba3b8a8d82c69e323a7b445b9a4045e4e3266e70e1b885d7c78e30ca34bdb111b2966ddb41c0
Score

10^/10

evasion trojan
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2