dbb2156595b6e9b78cef1ff4c304424ba2058d4ca1b4dcac918e59462ca13e2f | Triage

Sharing

General

Target

dbb2156595b6e9b78cef1ff4c304424ba2058d4ca1b4dcac918e59462ca13e2f
Size

617KB
Sample

221124-qacy6seg28
MD5

96b2447660f78f88ebe70e53b900f17c
SHA1

836ede11a073ed7bb3121af8f90a043bb23673fd
SHA256

dbb2156595b6e9b78cef1ff4c304424ba2058d4ca1b4dcac918e59462ca13e2f
SHA512

09ff31e36991a4598f2c11a942e7b9878bd66277f1dab1a8ddfa471e1b517d35163fdc700d9d51dad461521f639824cb9b448be9ea0eb482f225025ae9640467
SSDEEP

12288:NF8EL1lJlARoDifXgekXY3P8D6Mzmnv7bcR2Y3cYJYZe4RF5nbzl/+I:NWEL1ORLQeyhO7c2Y37URF5n5+I

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  04.doc
- Size
  
  62KB
- MD5
  
  4b2c3c92a23d9d904a598170b6e2fce2
- SHA1
  
  6bb554b5c205e834684a5a14ab7d44423d352694
- SHA256
  
  ddb7acd3f6f58df6fbddc5a3ecccbe2e3033b4fe95541481d9a1737cd7d13a52
- SHA512
  
  5cc6e69312972033a1291d8659dd0c2a4cde0b4c704872b4c3569eef5d29a614e81eeda941d36b5198293834ae204ada3e4e6d2664edcce4b7f74fb47f04de09
- SSDEEP
  
  384:ICSQuK2aaxBhEEDkLCHEwHEwHEEHE213coBW+pF8UM88UM88UM88z886Ma:UnO3hhNH7b
Score

4^/10
behavioral1 behavioral2
- Target
  
  0_74937_b8d8d760_XL.jpeg
- Size
  
  134KB
- MD5
  
  a11a850de438c9b05a60eb8cb561762f
- SHA1
  
  e09a8aa7ce6a085aa406383facd5b950c9cbec35
- SHA256
  
  b8dcf67ef62598b90e50b33658431b3386392dbbf12d9c1eadae98137c562837
- SHA512
  
  52652e59e29a1b9f49cf8182b657c4d32cc8843269af23ca22b7f5877e275605186ac480783e9e4256eb8a1a25d93446f1d5e787eedb569cdcb84e215a36a792
- SSDEEP
  
  3072:0XS2PKUwltlhv65cH4T1I1HCSGToLZSVTveDcZUO2k/X+7jlxgb:0C2CUwltlhvu21HDqvpP2WOEb
Score

3^/10
behavioral3 behavioral4
- Target
  
  0_7493c_ac189742_L.jpeg
- Size
  
  52KB
- MD5
  
  780894ac6b4d2742666822f6177071e1
- SHA1
  
  a3c6a25a9e52476184515f6f1b418b8bc60eaa9a
- SHA256
  
  406d11efbd25cc6b38134ecd43b97340939608e51ffb2095dca6dd30efc7ebdc
- SHA512
  
  cb0119ba4f3a1a405ef4bfa372ef16f3c4bc81edff9982ed72156c5b52af685db6e812cef4d9fa0ed0990421920df358c5deffbd7a970bf45076296f82243f60
- SSDEEP
  
  1536:TJ9XeiA4P5poTmyWXXqsWWjkPRi3z61hXgnZ:eiA4P5poCy1Rij61hX4Z
Score

3^/10
behavioral5 behavioral6
- Target
  
  11 мес 2012г..doc
- Size
  
  80KB
- MD5
  
  80a47298dd709dbb4a703cb407556c7e
- SHA1
  
  60cab23af73b41e22d945e2ac056111108c3ca0f
- SHA256
  
  38c46b1566768805867928a630dc78d0a20a4683d639bf745a5a926ec02f3ecd
- SHA512
  
  27287b4f1cabee3a30151f5fa79d38663f42fae1833f655d45b324e136bed7df189e525cc0800da8da235b092d057e1ade1c8631ab0fd06856ec4a910c2ed4b8
- SSDEEP
  
  192:gVZ09lEfxXfkNi2fdzNcYc/p5ol5OBKRf65RfqOk8KIBWwJ5b/Gs+sIj:vlEJPkNrwYsEl58KQ50rHIBxJZGf
Score

4^/10
behavioral7 behavioral8
- Target
  
  Puzzle Quest.exe
- Size
  
  880KB
- MD5
  
  9c7571fc9a6ba4d05805af66365f5a83
- SHA1
  
  8c48936dbfffe75c3a222bc3f0ce27e9da382f46
- SHA256
  
  2ba0434154844e0210a0a95cc01cc298b4feb7d646217900aae1dcc429740f75
- SHA512
  
  82e4462e6945c5f571f2ddab486426e27ac43d41706c9427171b364b3c68edb109bab381ca702e2a1fdad13c2b4b7218642a25d20d92641db6c6e4064c53b1c0
- SSDEEP
  
  6144:Aj6/wndfF/gl0LQIk8DR3dEuAI7pEfxsZozAm9TMdGQLUg1nYmefPImdrion2bAO:y6onxOp8FySpE5zvIdtU+YmefglQM7
Score

10^/10

evasion persistence trojan
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Disables RegEdit via registry modification
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral10 behavioral9

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

evasionpersistencetrojan

behavioral10

evasionpersistencetrojan