3738f00e252e56c1f8f975be5e2892ab5a5d4dc9356aed5c3115100518ea86aa | Triage

Sharing

General

Target

3738f00e252e56c1f8f975be5e2892ab5a5d4dc9356aed5c3115100518ea86aa
Size

521KB
Sample

221123-1jsq4aae41
MD5

467a138cd67baef27295ac0b3cbc495e
SHA1

ef26a33665791d728f280bfe88c091ad5ace8c21
SHA256

3738f00e252e56c1f8f975be5e2892ab5a5d4dc9356aed5c3115100518ea86aa
SHA512

af31891a154b6de2091f6d00631bee1400feb6fb34535f51afdcf87dc1fdd31602fdcd0dc9d0de4950337a24b8473242b87ceaaf103919cc29433ca7db1c3290
SSDEEP

3072:eI1Y7fEq+P0cxxVu8jEhIGRZwW2JoYYubdWKOgt:c+8MfomoazJlXZWdg

Score

10^/10

evasion trojan

Malware Config

Targets

- Target
  
  3738f00e252e56c1f8f975be5e2892ab5a5d4dc9356aed5c3115100518ea86aa
- Size
  
  521KB
- MD5
  
  467a138cd67baef27295ac0b3cbc495e
- SHA1
  
  ef26a33665791d728f280bfe88c091ad5ace8c21
- SHA256
  
  3738f00e252e56c1f8f975be5e2892ab5a5d4dc9356aed5c3115100518ea86aa
- SHA512
  
  af31891a154b6de2091f6d00631bee1400feb6fb34535f51afdcf87dc1fdd31602fdcd0dc9d0de4950337a24b8473242b87ceaaf103919cc29433ca7db1c3290
- SSDEEP
  
  3072:eI1Y7fEq+P0cxxVu8jEhIGRZwW2JoYYubdWKOgt:c+8MfomoazJlXZWdg
Score

10^/10

evasion trojan
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Looks for VMWare Tools registry key
  evasion
- Deletes itself
- Windows security modification
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2