71cf7b02c18878cd5ff0e59ddb61d233821c92925e97255967c104d378fcd723 | Triage

Submit
Reports

Overview

overview

Static

static

71cf7b02c1...23.exe

windows7-x64

71cf7b02c1...23.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

71cf7b02c18878cd5ff0e59ddb61d233821c92925e97255967c104d378fcd723
Size

1016KB
Sample

221121-tfvyqage75
MD5

106c2b97d3d5d36a40028e7ac80570f0
SHA1

e945d9467f9b6ab9cf58cb0222e474278fab2a9f
SHA256

71cf7b02c18878cd5ff0e59ddb61d233821c92925e97255967c104d378fcd723
SHA512

9f61b0f6b125ced58f536c0059ca49d229d22fb0ee18cbd793debbd71a52b760cd8bf3dc78d931dc94d1c386433822af1cc4d8e6cc260589a01d0e6c7d119638
SSDEEP

6144:fIXsL0tvrSVz1DnemeYbpsnEf78AoXh6KkiD0OofzA+/VygHUuB1O:fIXsgtvm1De5YlOx6lzBH46UH

Score

10^/10

evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

71cf7b02c18878cd5ff0e59ddb61d233821c92925e97255967c104d378fcd723.exe

Resource

win7-20221111-en

evasion persistence trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

71cf7b02c18878cd5ff0e59ddb61d233821c92925e97255967c104d378fcd723.exe

Resource

win10v2004-20221111-en

evasion persistence trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  71cf7b02c18878cd5ff0e59ddb61d233821c92925e97255967c104d378fcd723
- Size
  
  1016KB
- MD5
  
  106c2b97d3d5d36a40028e7ac80570f0
- SHA1
  
  e945d9467f9b6ab9cf58cb0222e474278fab2a9f
- SHA256
  
  71cf7b02c18878cd5ff0e59ddb61d233821c92925e97255967c104d378fcd723
- SHA512
  
  9f61b0f6b125ced58f536c0059ca49d229d22fb0ee18cbd793debbd71a52b760cd8bf3dc78d931dc94d1c386433822af1cc4d8e6cc260589a01d0e6c7d119638
- SSDEEP
  
  6144:fIXsL0tvrSVz1DnemeYbpsnEf78AoXh6KkiD0OofzA+/VygHUuB1O:fIXsgtvm1De5YlOx6lzBH46UH
Score

10^/10

evasion persistence trojan
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Disables RegEdit via registry modification
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan

© 2018-2025

Terms | Privacy