1b2bc5e892dc850638286810f2052f14a09a13d5838906c44c6b83480e12a553 | Triage

Sharing

General

Target

1b2bc5e892dc850638286810f2052f14a09a13d5838906c44c6b83480e12a553
Size

885KB
Sample

220607-yadjpsefbp
MD5

3194807169253663df84e18eebaa4a9f
SHA1

79b105e7bc4a15ac8512c2365880c3fd69d3cd32
SHA256

1b2bc5e892dc850638286810f2052f14a09a13d5838906c44c6b83480e12a553
SHA512

a42c78a4a32336aa963df6dcb47f97e6420f7cf355852f4f37d31afa2a4b01d3305668cc7ed133821ddec36945a4637ddadc7cc360af53e4137ec505c9f60c02

Score

10^/10

evasion persistence suricata trojan

Malware Config

Targets

- Target
  
  ?????????????/??????.url
- Size
  
  219B
- MD5
  
  122e953f3a92541c27cc62db2d9bb0f7
- SHA1
  
  5c85d98b4bce0daac9631297ddb00b005161d131
- SHA256
  
  5bf9390d32df4da5ddb91425fc5002768a85305964a8e0cb8eda391b4b6511dd
- SHA512
  
  77240964186d2e9c9c73ed6bf13edccaeb40c0d8cbf477080c9a40a76d044964330e97421e4b45818bfbb2688e6bfaf6720a52f2efdd3b944f3624b1b5767583
Score

6^/10

evasion trojan persistence
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2
- Target
  
  1/????.EXE
- Size
  
  108KB
- MD5
  
  4896192ec4694990e55771cb62319761
- SHA1
  
  13c06c5419936f9afa253935f6cc36f0cd5f918c
- SHA256
  
  12961fc98232445adc5166ef4b5394f8b0400e3b04aceb4aac481692e222e48b
- SHA512
  
  bb7057e4530e4f4538809873bfd556a1ffbbb1b2841a93498b43d8ff5c3a98ce0aa3999a9213aaa2f4182cb30f9ee444ccac89015ef841e40e5325736056fd6f
Score

1^/10
behavioral3 behavioral4
- Target
  
  1/www.xiaodao.la.dll
- Size
  
  1.8MB
- MD5
  
  9e32a63292efcf3bc85001b842a93bb0
- SHA1
  
  ff2e9512bfcc337707ececa1c8e341b44528215f
- SHA256
  
  51d0a9c432e39a64aeb84fb705f769086c45de724393880c1aaebaf84c924217
- SHA512
  
  63dac8b93f0d54d3b52bc3b8c79efcedbc5a6f9ee305e342f9c5515821bc7edd6a73c75ee6d1a51f10d7548969c44c791210629fbad7129545291e881842edc6
Score

10^/10

evasion suricata
- Modifies firewall policy service
  evasion
- suricata: ET MALWARE Known Hostile Domain ant.trenz .pl Lookup
  suricata: ET MALWARE Known Hostile Domain ant.trenz .pl Lookup
  suricata
- suricata: ET MALWARE Known Hostile Domain ilo.brenz .pl Lookup
  suricata: ET MALWARE Known Hostile Domain ilo.brenz .pl Lookup
  suricata
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

evasionsuricata