3c28e0ea1590a299b036aa07fa7175a252bf506cc69843021747c906dad1b6bc | Triage

Sharing

General

Target

3c28e0ea1590a299b036aa07fa7175a252bf506cc69843021747c906dad1b6bc
Size

476KB
Sample

220703-kbgqvsbhfj
MD5

e0b6bbd9bc80c81573743aba3a1494ba
SHA1

4987e7b22170e272232b5ad4935212da4b24f009
SHA256

3c28e0ea1590a299b036aa07fa7175a252bf506cc69843021747c906dad1b6bc
SHA512

cbacf11bc04099ccbb9c540b4145568ebda3d49b7f053d90f993bf9e29f07950942f032d7bd092adaabebabe6be89a19fe890005957f06fa34c7adc9a4f42715

Score

10^/10

evasion trojan

Malware Config

Targets

- Target
  
  3c28e0ea1590a299b036aa07fa7175a252bf506cc69843021747c906dad1b6bc
- Size
  
  476KB
- MD5
  
  e0b6bbd9bc80c81573743aba3a1494ba
- SHA1
  
  4987e7b22170e272232b5ad4935212da4b24f009
- SHA256
  
  3c28e0ea1590a299b036aa07fa7175a252bf506cc69843021747c906dad1b6bc
- SHA512
  
  cbacf11bc04099ccbb9c540b4145568ebda3d49b7f053d90f993bf9e29f07950942f032d7bd092adaabebabe6be89a19fe890005957f06fa34c7adc9a4f42715
Score

10^/10

evasion trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Disabling Security Tools

Impair Defenses

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

behavioral2