24f4e039e68850682ba0a2b92b9f5940b241e4c23ca99fc75e1a830310a1135a

Target

Size

715KB

Sample

220521-xhhyqabgd5

Score

10 ^/10

MD5

223f0d5a662cd55903180e94f7e1b8f9

SHA1

2496bfa1a88b2096501e3ce4fe3cda590d7a7cd2

SHA256

24f4e039e68850682ba0a2b92b9f5940b241e4c23ca99fc75e1a830310a1135a

SHA512

a20f6f472a1b9bc8878aee80a36f33990cc574cf32a025373d99c9b6eb22a89af80c6b60211d08accbc7643bbd60abfbd551e144acb0c0c9e29fe26be695843d

Target

24f4e039e68850682ba0a2b92b9f5940b241e4c23ca99fc75e1a830310a1135a

MD5

223f0d5a662cd55903180e94f7e1b8f9

Filesize

715KB

Score

10^/10

SHA1

2496bfa1a88b2096501e3ce4fe3cda590d7a7cd2

SHA256

24f4e039e68850682ba0a2b92b9f5940b241e4c23ca99fc75e1a830310a1135a

SHA512

a20f6f472a1b9bc8878aee80a36f33990cc574cf32a025373d99c9b6eb22a89af80c6b60211d08accbc7643bbd60abfbd551e144acb0c0c9e29fe26be695843d

Signatures

UAC bypass
Tags

evasion trojan

TTPs

Bypass User Account ControlDisabling Security ToolsModify Registry
Executes dropped EXE
Checks computer location settings
Description

Looks up country code configured in the registry, likely geofence.
TTPs

Query RegistrySystem Information Discovery
Loads dropped DLL
Adds Run key to start application
Tags

persistence

TTPs

Registry Run Keys / Startup FolderModify Registry
Program crash
Suspicious use of SetThreadContext

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

static1

behavioral1

evasion persistence trojan

10^/10

behavioral2

evasion persistence trojan

10^/10

Tags

Signatures

UAC bypass

Tags

TTPs

Executes dropped EXE

Checks computer location settings

Description

TTPs

Loads dropped DLL

Adds Run key to start application

Tags

TTPs

Program crash

Suspicious use of SetThreadContext

Related Tasks

static1

behavioral1

behavioral2