798d27433c08c59551717469dd35d2ed021c95eb8b4fafdf7f9aca17ab30c2d4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

798d27433c08c59551717469dd35d2ed021c95eb8b4fafdf7f9aca17ab30c2d4
Size

62KB
Sample

220919-z966qsaba7
MD5

ca4eb35505138538607ef959671b5f17
SHA1

43923532cbe9411189595d3974080a67d5a42991
SHA256

798d27433c08c59551717469dd35d2ed021c95eb8b4fafdf7f9aca17ab30c2d4
SHA512

7756296b93eb150ebe96d2ff479572364eaedb11e29dbb4550ac95cf7560a2e0b8898f77e738e0db97c167e2307092e796bd1a780e2f6d45f3c78f4b9a10f002
SSDEEP

1536:4mwoPfk3D2SknTaxWa++xmanuLu3jBvXHK9ZmZ6QjMqRTCGX:VwoPc3D2BT5+cizpyQjMWTCG

Score

8^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  798d27433c08c59551717469dd35d2ed021c95eb8b4fafdf7f9aca17ab30c2d4
- Size
  
  62KB
- MD5
  
  ca4eb35505138538607ef959671b5f17
- SHA1
  
  43923532cbe9411189595d3974080a67d5a42991
- SHA256
  
  798d27433c08c59551717469dd35d2ed021c95eb8b4fafdf7f9aca17ab30c2d4
- SHA512
  
  7756296b93eb150ebe96d2ff479572364eaedb11e29dbb4550ac95cf7560a2e0b8898f77e738e0db97c167e2307092e796bd1a780e2f6d45f3c78f4b9a10f002
- SSDEEP
  
  1536:4mwoPfk3D2SknTaxWa++xmanuLu3jBvXHK9ZmZ6QjMqRTCGX:VwoPc3D2BT5+cizpyQjMWTCG
Score

8^/10

evasion persistence trojan
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

evasionpersistencetrojan