f46ecfa937f5d0fab1d114514e6b3aa0cf37530ff40ca68a352469ebffaf643d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f46ecfa937f5d0fab1d114514e6b3aa0cf37530ff40ca68a352469ebffaf643d
Size

170KB
Sample

221029-xjm9tsbdgl
MD5

8419404d10346cee044668bcca838599
SHA1

6c00fff858f63dfa5b128de4b370a42632191f30
SHA256

f46ecfa937f5d0fab1d114514e6b3aa0cf37530ff40ca68a352469ebffaf643d
SHA512

563e568d0ade09d6b87818a39d069242286ad5f1b6675f987fc09b8a6357e581a1a5eec43c0d66493d8c6e81e67de20b7ff081459d7cf083c50825d2db8260f4
SSDEEP

3072:gK+vYWpwTvvIp8AK7TRIjoMKFRFhykqza0eWadiYHqYJGBWzcJvHJ:KtpwTvtH7ajoMYRFok3bdzjJGBC4v

Score

10^/10

evasion trojan

Malware Config

Targets

- Target
  
  f46ecfa937f5d0fab1d114514e6b3aa0cf37530ff40ca68a352469ebffaf643d
- Size
  
  170KB
- MD5
  
  8419404d10346cee044668bcca838599
- SHA1
  
  6c00fff858f63dfa5b128de4b370a42632191f30
- SHA256
  
  f46ecfa937f5d0fab1d114514e6b3aa0cf37530ff40ca68a352469ebffaf643d
- SHA512
  
  563e568d0ade09d6b87818a39d069242286ad5f1b6675f987fc09b8a6357e581a1a5eec43c0d66493d8c6e81e67de20b7ff081459d7cf083c50825d2db8260f4
- SSDEEP
  
  3072:gK+vYWpwTvvIp8AK7TRIjoMKFRFhykqza0eWadiYHqYJGBWzcJvHJ:KtpwTvtH7ajoMYRFok3bdzjJGBC4v
Score

10^/10

evasion trojan
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2