830df826a7b97e1c5d162e38282a0ec4de0ddc555949cb767afd0fb9b764b16b | Triage

Sharing

General

Target

830df826a7b97e1c5d162e38282a0ec4de0ddc555949cb767afd0fb9b764b16b
Size

1016KB
Sample

221123-vvs84sda4y
MD5

5eac5d8a9754ebd733fea743d2c8c710
SHA1

d87987feb9d8d06dbc92d83c90e33a52cf8597d7
SHA256

830df826a7b97e1c5d162e38282a0ec4de0ddc555949cb767afd0fb9b764b16b
SHA512

72b335b83cb61e5aa5826c70250596ed9eb91d73c2047242f53f1ce2ae11f12990256cb2061c9a6cbd1e0724b38f93b18fd3420ecc30d6e87cdb11ba78946944
SSDEEP

6144:4IXsL0tvrSVz1DnemeYbpsnEf78AoXh6KkiD0OofzA+/VygHUmDa1is0f:4IXsgtvm1De5YlOx6lzBH46Umu1q

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  830df826a7b97e1c5d162e38282a0ec4de0ddc555949cb767afd0fb9b764b16b
- Size
  
  1016KB
- MD5
  
  5eac5d8a9754ebd733fea743d2c8c710
- SHA1
  
  d87987feb9d8d06dbc92d83c90e33a52cf8597d7
- SHA256
  
  830df826a7b97e1c5d162e38282a0ec4de0ddc555949cb767afd0fb9b764b16b
- SHA512
  
  72b335b83cb61e5aa5826c70250596ed9eb91d73c2047242f53f1ce2ae11f12990256cb2061c9a6cbd1e0724b38f93b18fd3420ecc30d6e87cdb11ba78946944
- SSDEEP
  
  6144:4IXsL0tvrSVz1DnemeYbpsnEf78AoXh6KkiD0OofzA+/VygHUmDa1is0f:4IXsgtvm1De5YlOx6lzBH46Umu1q
Score

10^/10

evasion persistence trojan
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Disables RegEdit via registry modification
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan