4dcd065afd71a394813b01935fa5d8593df281dec35a644b40d6c30f6fb7ba19 | Triage

Submit
Reports

Overview

overview

Static

static

4dcd065afd...19.exe

windows7-x64

4dcd065afd...19.exe

windows10-2004-x64

8

Sharing

General

Target

4dcd065afd71a394813b01935fa5d8593df281dec35a644b40d6c30f6fb7ba19
Size

445KB
Sample

221124-gj64yacg69
MD5

fe820e5de1d63dc403774298d489fcd6
SHA1

e202a281fc80aa244652d08861c72cb4030870e5
SHA256

4dcd065afd71a394813b01935fa5d8593df281dec35a644b40d6c30f6fb7ba19
SHA512

817cd341cdb835d2722507aff0f1bd439283dc7ce27ecadeec1daa613e7bf7f1348667c2d876c11ad6619589d199b388bc8a775179b5d5293e60ceb18566c944
SSDEEP

12288:JHICZ9iSCnm8B/Hw9pVKGCs64DVdZ3+8qFXTjc:JoC7ijwFKlVadZ3+8qNc

Score

10^/10

evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

4dcd065afd71a394813b01935fa5d8593df281dec35a644b40d6c30f6fb7ba19.exe

Resource

win7-20221111-en

evasion persistence trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

4dcd065afd71a394813b01935fa5d8593df281dec35a644b40d6c30f6fb7ba19.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  4dcd065afd71a394813b01935fa5d8593df281dec35a644b40d6c30f6fb7ba19
- Size
  
  445KB
- MD5
  
  fe820e5de1d63dc403774298d489fcd6
- SHA1
  
  e202a281fc80aa244652d08861c72cb4030870e5
- SHA256
  
  4dcd065afd71a394813b01935fa5d8593df281dec35a644b40d6c30f6fb7ba19
- SHA512
  
  817cd341cdb835d2722507aff0f1bd439283dc7ce27ecadeec1daa613e7bf7f1348667c2d876c11ad6619589d199b388bc8a775179b5d5293e60ceb18566c944
- SSDEEP
  
  12288:JHICZ9iSCnm8B/Hw9pVKGCs64DVdZ3+8qFXTjc:JoC7ijwFKlVadZ3+8qNc
Score

10^/10

evasion persistence trojan
- Modifies visiblity of hidden/system files in Explorer
  evasion
- UAC bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Blocklisted process makes network request
- Disables taskbar notifications via registry modification
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

© 2018-2024

Terms | Privacy