7defc8cea1f8ee830e1985c78728051534456daf78b229fcf6566ff3ce9d32ee | Triage

Sharing

General

Target

7defc8cea1f8ee830e1985c78728051534456daf78b229fcf6566ff3ce9d32ee
Size

96KB
Sample

220919-bzxybaeghk
MD5

8b7998d0f4236f4d0bb2c145a27fcf77
SHA1

72a366ce17c86fae0ffe25411f11a6704637f454
SHA256

7defc8cea1f8ee830e1985c78728051534456daf78b229fcf6566ff3ce9d32ee
SHA512

5ee0e46758a9142debbcb35dc1701c319651d0d4061867f11ce5fd50032cafe109cdec96b476e9aec84d5eaa718d98eb47d35437cdb6b988facb70ec3eca574f
SSDEEP

1536:7mGuD0/OD6fctEwAynAnOQjbQokSrHPHvFHJR+ltYGpMPkjBBPZW8HaYD2BzyAoP:6GlctCDQpSrHvvFHJRP3QBPZW8HhD2Bq

Score

10^/10

evasion trojan

Malware Config

Targets

- Target
  
  7defc8cea1f8ee830e1985c78728051534456daf78b229fcf6566ff3ce9d32ee
- Size
  
  96KB
- MD5
  
  8b7998d0f4236f4d0bb2c145a27fcf77
- SHA1
  
  72a366ce17c86fae0ffe25411f11a6704637f454
- SHA256
  
  7defc8cea1f8ee830e1985c78728051534456daf78b229fcf6566ff3ce9d32ee
- SHA512
  
  5ee0e46758a9142debbcb35dc1701c319651d0d4061867f11ce5fd50032cafe109cdec96b476e9aec84d5eaa718d98eb47d35437cdb6b988facb70ec3eca574f
- SSDEEP
  
  1536:7mGuD0/OD6fctEwAynAnOQjbQokSrHPHvFHJR+ltYGpMPkjBBPZW8HaYD2BzyAoP:6GlctCDQpSrHvvFHJRP3QBPZW8HhD2Bq
Score

10^/10

evasion trojan
- Modifies firewall policy service
  evasion
- UAC bypass
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2