7bf4d91ba2580f01ab856b6fc05dcac639115dc469ff5f01b976ad3cc716fee9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7bf4d91ba2580f01ab856b6fc05dcac639115dc469ff5f01b976ad3cc716fee9
Size

40KB
Sample

220919-r2taxadca9
MD5

690967fe2a2152a86e34c5f5be2c6593
SHA1

e1b793b7828df67fab627a0fcbfcccdc1a3cdc01
SHA256

7bf4d91ba2580f01ab856b6fc05dcac639115dc469ff5f01b976ad3cc716fee9
SHA512

7d9acddab96631cf3de0a5bbc95d7c7ba7f79e976430eb1bf44d01a243b67b359fc3b548859ca77f36ebd37ea47f5be31ffff060618fc64e4bcd3e5c4cc8ec5f
SSDEEP

768:i47Q8P2RNT88yEZ/XdGt01qfZ/tV9JqMoxol/zpSK3f1JDaNyRP4Zv73EZg8bMx:lQA2RNT88BGtR/tG9mw

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  7bf4d91ba2580f01ab856b6fc05dcac639115dc469ff5f01b976ad3cc716fee9
- Size
  
  40KB
- MD5
  
  690967fe2a2152a86e34c5f5be2c6593
- SHA1
  
  e1b793b7828df67fab627a0fcbfcccdc1a3cdc01
- SHA256
  
  7bf4d91ba2580f01ab856b6fc05dcac639115dc469ff5f01b976ad3cc716fee9
- SHA512
  
  7d9acddab96631cf3de0a5bbc95d7c7ba7f79e976430eb1bf44d01a243b67b359fc3b548859ca77f36ebd37ea47f5be31ffff060618fc64e4bcd3e5c4cc8ec5f
- SSDEEP
  
  768:i47Q8P2RNT88yEZ/XdGt01qfZ/tV9JqMoxol/zpSK3f1JDaNyRP4Zv73EZg8bMx:lQA2RNT88BGtR/tG9mw
Score

10^/10

evasion persistence trojan
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan