ff536d51ab667c0546c33352c460bbceb6722d333932ba992364b032cba6af1e | Triage

Sharing

General

Target

b4253f3ea96808cba77b8ceb0f76d1d4.exe
Size

1.2MB
Sample

220525-se1xxabeb8
MD5

b4253f3ea96808cba77b8ceb0f76d1d4
SHA1

d4b776ae1c0fa40c532a812dd69cd199e1fef94e
SHA256

ff536d51ab667c0546c33352c460bbceb6722d333932ba992364b032cba6af1e
SHA512

bceebeb1435b0858b9462ad42fdab065c81f90db8f8ea19c6d08d14574720ec71a260b6675180362db9639d5707b0a11c7b6027d7c8e1055ba06a30c7cfb0c90

Score

10^/10

evasion persistence suricata trojan

Malware Config

Targets

- Target
  
  b4253f3ea96808cba77b8ceb0f76d1d4.exe
- Size
  
  1.2MB
- MD5
  
  b4253f3ea96808cba77b8ceb0f76d1d4
- SHA1
  
  d4b776ae1c0fa40c532a812dd69cd199e1fef94e
- SHA256
  
  ff536d51ab667c0546c33352c460bbceb6722d333932ba992364b032cba6af1e
- SHA512
  
  bceebeb1435b0858b9462ad42fdab065c81f90db8f8ea19c6d08d14574720ec71a260b6675180362db9639d5707b0a11c7b6027d7c8e1055ba06a30c7cfb0c90
Score

10^/10

persistence evasion suricata trojan
- Suspicious use of NtCreateUserProcessOtherParentProcess
- UAC bypass
  evasion trojan
- suricata: ET MALWARE Arechclient2 Backdoor CnC Init
  suricata: ET MALWARE Arechclient2 Backdoor CnC Init
  suricata
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Process Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

evasionpersistencesuricatatrojan