7f33e37d7a6099f786205c568260d4bbc03a389cc31d646bd200a1028eaccc34 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Trojan-Ransom.Win32.Blocker.dzhi-7f33e37d7a6099f786205c568260d4bbc03a389cc31d646bd200a1028eaccc34
Size

1.8MB
Sample

221106-xevhcaaagr
MD5

e1534eea65651abeedba53778e4b7baa
SHA1

c7caf039101b067c95950305b256c6748768a41d
SHA256

7f33e37d7a6099f786205c568260d4bbc03a389cc31d646bd200a1028eaccc34
SHA512

331dca2b119f5d1355909b343cb4d98d57a8710830db038292c9c86bf5719fbc61a843daf97ee413480ade14180de12d815dfea8d39a84c72a6632054b1eef9c
SSDEEP

49152:mCL0fde68iIZPHUApq1L0tHoKvjLnWkS2cPyJmntIFspiL:BLHP1O0tHP3XS7aJqgspi

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  Trojan-Ransom.Win32.Blocker.dzhi-7f33e37d7a6099f786205c568260d4bbc03a389cc31d646bd200a1028eaccc34
- Size
  
  1.8MB
- MD5
  
  e1534eea65651abeedba53778e4b7baa
- SHA1
  
  c7caf039101b067c95950305b256c6748768a41d
- SHA256
  
  7f33e37d7a6099f786205c568260d4bbc03a389cc31d646bd200a1028eaccc34
- SHA512
  
  331dca2b119f5d1355909b343cb4d98d57a8710830db038292c9c86bf5719fbc61a843daf97ee413480ade14180de12d815dfea8d39a84c72a6632054b1eef9c
- SSDEEP
  
  49152:mCL0fde68iIZPHUApq1L0tHoKvjLnWkS2cPyJmntIFspiL:BLHP1O0tHP3XS7aJqgspi
Score

10^/10

evasion persistence trojan
- UAC bypass
  evasion trojan
- Drops file in Drivers directory
- Sets service image path in registry
  persistence
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan