0b5c130d1ce45f2c4498516f52e1bbe30dc71cff31869e545997c6f95b7ac9df | Triage

Submit
Reports

Overview

overview

Static

static

0b5c130d1c...df.exe

windows7-x64

0b5c130d1c...df.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

0b5c130d1ce45f2c4498516f52e1bbe30dc71cff31869e545997c6f95b7ac9df
Size

1016KB
Sample

221002-j2nresfaa3
MD5

6ef88b4abcaf2f29904c91ae37631fc0
SHA1

e49adbe4a8fa2bb7ba5889a11bc9c598b26b05bf
SHA256

0b5c130d1ce45f2c4498516f52e1bbe30dc71cff31869e545997c6f95b7ac9df
SHA512

996c6364ba0a3d27ab8c3b03c6a0501d47009e16accfd70406c9b517535e7998801dc77e6aaada1145a304937f5aebef0563f0f996a78af6228f445d15011b7c
SSDEEP

6144:JIXsL0tvrSVz1DnemeYbpsnEf78AoXh6KkiD0OofzA+/VygHUmDa1is0f:JIXsgtvm1De5YlOx6lzBH46Umu1q

Score

10^/10

evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

0b5c130d1ce45f2c4498516f52e1bbe30dc71cff31869e545997c6f95b7ac9df.exe

Resource

win7-20220812-en

evasion persistence trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

0b5c130d1ce45f2c4498516f52e1bbe30dc71cff31869e545997c6f95b7ac9df.exe

Resource

win10v2004-20220812-en

evasion persistence trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  0b5c130d1ce45f2c4498516f52e1bbe30dc71cff31869e545997c6f95b7ac9df
- Size
  
  1016KB
- MD5
  
  6ef88b4abcaf2f29904c91ae37631fc0
- SHA1
  
  e49adbe4a8fa2bb7ba5889a11bc9c598b26b05bf
- SHA256
  
  0b5c130d1ce45f2c4498516f52e1bbe30dc71cff31869e545997c6f95b7ac9df
- SHA512
  
  996c6364ba0a3d27ab8c3b03c6a0501d47009e16accfd70406c9b517535e7998801dc77e6aaada1145a304937f5aebef0563f0f996a78af6228f445d15011b7c
- SSDEEP
  
  6144:JIXsL0tvrSVz1DnemeYbpsnEf78AoXh6KkiD0OofzA+/VygHUmDa1is0f:JIXsgtvm1De5YlOx6lzBH46Umu1q
Score

10^/10

evasion persistence trojan
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Disables RegEdit via registry modification
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan

© 2018-2025

Terms | Privacy