f5e5a2215efbedafe5359e969e7abfe13fd9441f46870a3ec01efbc37494edfa | Triage

Sharing

General

Target

f5e5a2215efbedafe5359e969e7abfe13fd9441f46870a3ec01efbc37494edfa
Size

973KB
Sample

221123-hm497aeb44
MD5

cb0b9766a27a5f2b7d43a7bb6b66904e
SHA1

6508d99df644c65f4da0b361a840ccd6464fb709
SHA256

f5e5a2215efbedafe5359e969e7abfe13fd9441f46870a3ec01efbc37494edfa
SHA512

548bbbdd31349ba82b72cdce1aa54985087abd73f1642289fe81a34c9d8b1e64dfb6686fa39572d399810f6031b3f300937841510cd6fa5cf099b5f4911db0cc
SSDEEP

24576:72O/GlWswtHDyg7KCZXXVbhhUED4RVPVI8Q/ELb4I/nN:jtHegPZnVhhUEDAILWUI/nN

Score

8^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  f5e5a2215efbedafe5359e969e7abfe13fd9441f46870a3ec01efbc37494edfa
- Size
  
  973KB
- MD5
  
  cb0b9766a27a5f2b7d43a7bb6b66904e
- SHA1
  
  6508d99df644c65f4da0b361a840ccd6464fb709
- SHA256
  
  f5e5a2215efbedafe5359e969e7abfe13fd9441f46870a3ec01efbc37494edfa
- SHA512
  
  548bbbdd31349ba82b72cdce1aa54985087abd73f1642289fe81a34c9d8b1e64dfb6686fa39572d399810f6031b3f300937841510cd6fa5cf099b5f4911db0cc
- SSDEEP
  
  24576:72O/GlWswtHDyg7KCZXXVbhhUED4RVPVI8Q/ELb4I/nN:jtHegPZnVhhUEDAILWUI/nN
Score

8^/10

evasion persistence trojan
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan