df9425fcd783297e7dde4b690b10cdaf029a866681a899260e0e0bc9ec26c3dc | Triage

Submit
Reports

Overview

overview

Static

static

df9425fcd7...dc.exe

windows7-x64

df9425fcd7...dc.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

df9425fcd783297e7dde4b690b10cdaf029a866681a899260e0e0bc9ec26c3dc
Size

1016KB
Sample

221021-djfp7shebn
MD5

4471fb5e7e134df0829d8122335587a0
SHA1

f0f3244bdc3f454bcdd10a53c502dc347fe240f9
SHA256

df9425fcd783297e7dde4b690b10cdaf029a866681a899260e0e0bc9ec26c3dc
SHA512

22ba4e51e2148ac3ad8f4e0e6e0b563003b10aab2eb4a0aa58dc9ff5adf44f24b3e5102b923f26bc42d6bf06edb7caa4cc1f1acce3d550642e2d448b1ffecf4c
SSDEEP

6144:QIXsL0tvrSVz1DnemeYbpsnEf78AoXh6KkiD0OofzA+/VygHUq:QIXsgtvm1De5YlOx6lzBH46U

Score

10^/10

evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

df9425fcd783297e7dde4b690b10cdaf029a866681a899260e0e0bc9ec26c3dc.exe

Resource

win7-20220901-en

evasion persistence trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

df9425fcd783297e7dde4b690b10cdaf029a866681a899260e0e0bc9ec26c3dc.exe

Resource

win10v2004-20220901-en

evasion persistence trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  df9425fcd783297e7dde4b690b10cdaf029a866681a899260e0e0bc9ec26c3dc
- Size
  
  1016KB
- MD5
  
  4471fb5e7e134df0829d8122335587a0
- SHA1
  
  f0f3244bdc3f454bcdd10a53c502dc347fe240f9
- SHA256
  
  df9425fcd783297e7dde4b690b10cdaf029a866681a899260e0e0bc9ec26c3dc
- SHA512
  
  22ba4e51e2148ac3ad8f4e0e6e0b563003b10aab2eb4a0aa58dc9ff5adf44f24b3e5102b923f26bc42d6bf06edb7caa4cc1f1acce3d550642e2d448b1ffecf4c
- SSDEEP
  
  6144:QIXsL0tvrSVz1DnemeYbpsnEf78AoXh6KkiD0OofzA+/VygHUq:QIXsgtvm1De5YlOx6lzBH46U
Score

10^/10

evasion persistence trojan
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Disables RegEdit via registry modification
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan

© 2018-2025

Terms | Privacy