24f4e039e68850682ba0a2b92b9f5940b241e4c23ca99fc75e1a830310a1135a | Triage

Sharing

General

Target

24f4e039e68850682ba0a2b92b9f5940b241e4c23ca99fc75e1a830310a1135a
Size

715KB
Sample

220521-xhhyqabgd5
MD5

223f0d5a662cd55903180e94f7e1b8f9
SHA1

2496bfa1a88b2096501e3ce4fe3cda590d7a7cd2
SHA256

24f4e039e68850682ba0a2b92b9f5940b241e4c23ca99fc75e1a830310a1135a
SHA512

a20f6f472a1b9bc8878aee80a36f33990cc574cf32a025373d99c9b6eb22a89af80c6b60211d08accbc7643bbd60abfbd551e144acb0c0c9e29fe26be695843d

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  24f4e039e68850682ba0a2b92b9f5940b241e4c23ca99fc75e1a830310a1135a
- Size
  
  715KB
- MD5
  
  223f0d5a662cd55903180e94f7e1b8f9
- SHA1
  
  2496bfa1a88b2096501e3ce4fe3cda590d7a7cd2
- SHA256
  
  24f4e039e68850682ba0a2b92b9f5940b241e4c23ca99fc75e1a830310a1135a
- SHA512
  
  a20f6f472a1b9bc8878aee80a36f33990cc574cf32a025373d99c9b6eb22a89af80c6b60211d08accbc7643bbd60abfbd551e144acb0c0c9e29fe26be695843d
Score

10^/10

evasion persistence trojan
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Program crash
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan