b620e36b43181cc7759e16ef34dbdbc1cf9ccd00ec57d2e95934034dbd14fa19 | Triage

Sharing

General

Target

b620e36b43181cc7759e16ef34dbdbc1cf9ccd00ec57d2e95934034dbd14fa19
Size

609KB
Sample

221003-ebnxaagbbj
MD5

60404da21a737ded92c5bf41c60926b0
SHA1

d252d04c4756a5bc92edfb822052ba7d0e24985a
SHA256

b620e36b43181cc7759e16ef34dbdbc1cf9ccd00ec57d2e95934034dbd14fa19
SHA512

a2c3520087eba3d97a62aa2bc9ea26106f08d36fb5b9339b0146b8e9c15963ac8d35916746935d969660cb69841309311e7bf1e1881515ef115fd63762922996
SSDEEP

12288:zMNn67aQEwhT94OGIAoIFOTDO6qfHlvcAkZnZ9PQLrNOr:ANnHSObTo46DxqfFvxkZnILpO

Score

8^/10

discovery evasion trojan

Malware Config

Targets

- Target
  
  b620e36b43181cc7759e16ef34dbdbc1cf9ccd00ec57d2e95934034dbd14fa19
- Size
  
  609KB
- MD5
  
  60404da21a737ded92c5bf41c60926b0
- SHA1
  
  d252d04c4756a5bc92edfb822052ba7d0e24985a
- SHA256
  
  b620e36b43181cc7759e16ef34dbdbc1cf9ccd00ec57d2e95934034dbd14fa19
- SHA512
  
  a2c3520087eba3d97a62aa2bc9ea26106f08d36fb5b9339b0146b8e9c15963ac8d35916746935d969660cb69841309311e7bf1e1881515ef115fd63762922996
- SSDEEP
  
  12288:zMNn67aQEwhT94OGIAoIFOTDO6qfHlvcAkZnZ9PQLrNOr:ANnHSObTo46DxqfFvxkZnILpO
Score

8^/10

discovery evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasiontrojan

behavioral2