f524f1b36c0977f36c15a0d4f7a7b1a78d73c667c419c0d8f6ea8f5d35cb040b | Triage

Submit
Reports

Overview

overview

Static

static

f524f1b36c...0b.exe

windows7-x64

f524f1b36c...0b.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

f524f1b36c0977f36c15a0d4f7a7b1a78d73c667c419c0d8f6ea8f5d35cb040b
Size

389KB
Sample

221003-aq8g1sadbj
MD5

44be29f905e5808121245b05ce13c970
SHA1

044875808fb93953dc25e8a2998cb3a33d0522a3
SHA256

f524f1b36c0977f36c15a0d4f7a7b1a78d73c667c419c0d8f6ea8f5d35cb040b
SHA512

0415f486023c6c63f3ca04a097df8a9577106a4fbbc3590de223511b8d7e5a7313b56e32b6e9cf95417c597ffeaef549fe8578173db6046b8d05b1ec7f7d5508
SSDEEP

3072:VTlmPVcdgJs8HjfYv27XaaHw7Koj4rt032QdMTPmb3HwInv4JMke9PkvDnM8ua7:VTMPVcdgnDfYe7G2QdDb3Uh7

Score

10^/10

evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

f524f1b36c0977f36c15a0d4f7a7b1a78d73c667c419c0d8f6ea8f5d35cb040b.exe

Resource

win7-20220812-en

evasion persistence trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

f524f1b36c0977f36c15a0d4f7a7b1a78d73c667c419c0d8f6ea8f5d35cb040b.exe

Resource

win10v2004-20220901-en

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  f524f1b36c0977f36c15a0d4f7a7b1a78d73c667c419c0d8f6ea8f5d35cb040b
- Size
  
  389KB
- MD5
  
  44be29f905e5808121245b05ce13c970
- SHA1
  
  044875808fb93953dc25e8a2998cb3a33d0522a3
- SHA256
  
  f524f1b36c0977f36c15a0d4f7a7b1a78d73c667c419c0d8f6ea8f5d35cb040b
- SHA512
  
  0415f486023c6c63f3ca04a097df8a9577106a4fbbc3590de223511b8d7e5a7313b56e32b6e9cf95417c597ffeaef549fe8578173db6046b8d05b1ec7f7d5508
- SSDEEP
  
  3072:VTlmPVcdgJs8HjfYv27XaaHw7Koj4rt032QdMTPmb3HwInv4JMke9PkvDnM8ua7:VTMPVcdgnDfYe7G2QdDb3Uh7
Score

10^/10

evasion persistence trojan
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

© 2018-2025

Terms | Privacy