Overview

overview

10

Static

static

0b43d91191...60.exe

windows7-x64

10

0b43d91191...60.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0b43d91191267cbe15aad550327f8ff796fc51835919c8f26500a856bc123360

  • Size

    1.1MB

  • Sample

    221003-b1yk8sagg9

  • MD5

    044cb19e4e1942fb0b1004f9b151eec0

  • SHA1

    c8bddbb3905526bbad18edf7653633bb63880b61

  • SHA256

    0b43d91191267cbe15aad550327f8ff796fc51835919c8f26500a856bc123360

  • SHA512

    3b6cdaeaf1149f326007c471b5b0bb7b7874f70560dc8474c0da2d5abfa733aa8d00627d3b80724b1fa1d96fde7ec420bd04fd4c150d3bb3fe98c223aa59cc41

  • SSDEEP

    24576:QHouPLIqkATOei7WB5GCD/YlklobAXewM:sP1jAWyCk2obAXzM

Score
10/10
evasionpersistencetrojan

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

http://93.115.82.248/?0=1&1=0&2=3&3=i&4=7601&5=1&6=1111&7=xktvprlbvt

Targets

    • Target

      0b43d91191267cbe15aad550327f8ff796fc51835919c8f26500a856bc123360

    • Size

      1.1MB

    • MD5

      044cb19e4e1942fb0b1004f9b151eec0

    • SHA1

      c8bddbb3905526bbad18edf7653633bb63880b61

    • SHA256

      0b43d91191267cbe15aad550327f8ff796fc51835919c8f26500a856bc123360

    • SHA512

      3b6cdaeaf1149f326007c471b5b0bb7b7874f70560dc8474c0da2d5abfa733aa8d00627d3b80724b1fa1d96fde7ec420bd04fd4c150d3bb3fe98c223aa59cc41

    • SSDEEP

      24576:QHouPLIqkATOei7WB5GCD/YlklobAXewM:sP1jAWyCk2obAXzM

    Score
    10/10
    evasionpersistencetrojan

    • UAC bypass

      evasiontrojan

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Sets file execution options in registry

      persistence

    • Stops running service(s)

      evasion

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2
T1060

Modify Existing Service

1
T1031

Privilege Escalation

Bypass User Account Control

1
T1088

Defense Evasion

Bypass User Account Control

1
T1088

Disabling Security Tools

1
T1089

Modify Registry

5
T1112

Impair Defenses

1
T1562

Credential Access

Discovery

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

1
T1489

Tasks