dd2dc1dbe04444a96e4d90158e08e5c0c4dc167bcca0395cfac0022b9ecab409 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dd2dc1dbe04444a96e4d90158e08e5c0c4dc167bcca0395cfac0022b9ecab409
Size

240KB
Sample

221004-gy8w3sfdaj
MD5

48f00558fb5465770cee1523a427c820
SHA1

08bc9fa75265df827cb0b1c960e3fb1ad82bfb0a
SHA256

dd2dc1dbe04444a96e4d90158e08e5c0c4dc167bcca0395cfac0022b9ecab409
SHA512

484b011bb3a16ed2f8d494a74c4aa84139d7ba881eec7ae6194c40837596fdf05d6e00cccb1129f993074abe548d6c8875048c9f4d40fbb810c5b3ec9fd32262
SSDEEP

3072:wHMNyf21VHTCyPNHhP/VToqbeAtoH2ts7bLkAV7sp23MANi4q6DTQ:wHM1t5tDoH2tIs

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  dd2dc1dbe04444a96e4d90158e08e5c0c4dc167bcca0395cfac0022b9ecab409
- Size
  
  240KB
- MD5
  
  48f00558fb5465770cee1523a427c820
- SHA1
  
  08bc9fa75265df827cb0b1c960e3fb1ad82bfb0a
- SHA256
  
  dd2dc1dbe04444a96e4d90158e08e5c0c4dc167bcca0395cfac0022b9ecab409
- SHA512
  
  484b011bb3a16ed2f8d494a74c4aa84139d7ba881eec7ae6194c40837596fdf05d6e00cccb1129f993074abe548d6c8875048c9f4d40fbb810c5b3ec9fd32262
- SSDEEP
  
  3072:wHMNyf21VHTCyPNHhP/VToqbeAtoH2ts7bLkAV7sp23MANi4q6DTQ:wHM1t5tDoH2tIs
Score

10^/10

evasion persistence trojan
- Modifies firewall policy service
  evasion
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan