3ace460dcf3cbaccc03e32cdd2c8d8f5307c4ab6c08196daf9dc1d816f89d848 | Triage

Sharing

General

Target

3ace460dcf3cbaccc03e32cdd2c8d8f5307c4ab6c08196daf9dc1d816f89d848
Size

99KB
Sample

221124-av97eafd76
MD5

3e431a34f2c09109e47958e6cee614d6
SHA1

f19747f34121b8225b0b508d0d3ba1781772d05a
SHA256

3ace460dcf3cbaccc03e32cdd2c8d8f5307c4ab6c08196daf9dc1d816f89d848
SHA512

8caf6e1e177db6a1554dae0ad09d44da45a168a2f2fe435f8ddff3c6633967b9a94cf7875dd3728b640851b15132f482b3a118b8db4769a5fb0834021ab8f85c
SSDEEP

3072:gMERCkEVeLZC7tXGZQvGozOVA0PAnrBztx7lDn0K:IEVOC75GyvDzOq8A9zP7pn0K

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  3ace460dcf3cbaccc03e32cdd2c8d8f5307c4ab6c08196daf9dc1d816f89d848
- Size
  
  99KB
- MD5
  
  3e431a34f2c09109e47958e6cee614d6
- SHA1
  
  f19747f34121b8225b0b508d0d3ba1781772d05a
- SHA256
  
  3ace460dcf3cbaccc03e32cdd2c8d8f5307c4ab6c08196daf9dc1d816f89d848
- SHA512
  
  8caf6e1e177db6a1554dae0ad09d44da45a168a2f2fe435f8ddff3c6633967b9a94cf7875dd3728b640851b15132f482b3a118b8db4769a5fb0834021ab8f85c
- SSDEEP
  
  3072:gMERCkEVeLZC7tXGZQvGozOVA0PAnrBztx7lDn0K:IEVOC75GyvDzOq8A9zP7pn0K
Score

10^/10

persistence evasion trojan
- UAC bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

evasionpersistencetrojan