871bbbc432ba0358b401d0ced0f2f4e312e6e657d6f5181292bf5fa57dff372b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

871bbbc432ba0358b401d0ced0f2f4e312e6e657d6f5181292bf5fa57dff372b
Size

661KB
Sample

221019-2atsgabbar
MD5

a116ff1efdfd93bb9edd5685515c2600
SHA1

7c9c2ebec2dced6eb043cba0a6c0be59f901db19
SHA256

871bbbc432ba0358b401d0ced0f2f4e312e6e657d6f5181292bf5fa57dff372b
SHA512

5b798a1bf4cf762524874171705925d0ef5e1e51dde46cc4d9037ed8946f3d28bb2c5f9320940a63ef5970fbe75bb598c2e74c7beb564da0325eb708432c219c
SSDEEP

12288:C8ysWJzqFaZpWqcORUAKIMs7wFyJa0YqGUmMYorc9QM9B6K0NVSwnEXyJQIy7wYe:CPsKwaZAqHRUAKTs79bYqGUmB27rNVF3

Score

8^/10

discovery evasion trojan

Malware Config

Targets

- Target
  
  871bbbc432ba0358b401d0ced0f2f4e312e6e657d6f5181292bf5fa57dff372b
- Size
  
  661KB
- MD5
  
  a116ff1efdfd93bb9edd5685515c2600
- SHA1
  
  7c9c2ebec2dced6eb043cba0a6c0be59f901db19
- SHA256
  
  871bbbc432ba0358b401d0ced0f2f4e312e6e657d6f5181292bf5fa57dff372b
- SHA512
  
  5b798a1bf4cf762524874171705925d0ef5e1e51dde46cc4d9037ed8946f3d28bb2c5f9320940a63ef5970fbe75bb598c2e74c7beb564da0325eb708432c219c
- SSDEEP
  
  12288:C8ysWJzqFaZpWqcORUAKIMs7wFyJa0YqGUmMYorc9QM9B6K0NVSwnEXyJQIy7wYe:CPsKwaZAqHRUAKTs79bYqGUmB27rNVF3
Score

8^/10

discovery evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasiontrojan

behavioral2

discoveryevasiontrojan