5b87c6f4f1f3e64668fdf3adaf30a0f184ee96e9676f36f15fbefb29052b467e | Triage

Sharing

General

Target

5b87c6f4f1f3e64668fdf3adaf30a0f184ee96e9676f36f15fbefb29052b467e
Size

1.1MB
Sample

221123-lp7pwabh94
MD5

c0472277dc8d80ecc9522a9d8fe734a0
SHA1

0047a28f9337e4404afde444919aaf08922c98d5
SHA256

5b87c6f4f1f3e64668fdf3adaf30a0f184ee96e9676f36f15fbefb29052b467e
SHA512

d040424304b431dccb46fb95e853ef318d32b8d0b0046d567860fff243cd3f60d41e6c6742001ed903d46aec681dadf9d05d8dde9d16242254b03444a4eb52e6
SSDEEP

24576:74lavt0LkLL9IMixoEgeaWwmRGgl5bWq9MmCS:Okwkn9IMHeaWwtU5KaPCS

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  5b87c6f4f1f3e64668fdf3adaf30a0f184ee96e9676f36f15fbefb29052b467e
- Size
  
  1.1MB
- MD5
  
  c0472277dc8d80ecc9522a9d8fe734a0
- SHA1
  
  0047a28f9337e4404afde444919aaf08922c98d5
- SHA256
  
  5b87c6f4f1f3e64668fdf3adaf30a0f184ee96e9676f36f15fbefb29052b467e
- SHA512
  
  d040424304b431dccb46fb95e853ef318d32b8d0b0046d567860fff243cd3f60d41e6c6742001ed903d46aec681dadf9d05d8dde9d16242254b03444a4eb52e6
- SSDEEP
  
  24576:74lavt0LkLL9IMixoEgeaWwmRGgl5bWq9MmCS:Okwkn9IMHeaWwtU5KaPCS
Score

10^/10

evasion persistence trojan
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2