Overview

overview

10

Static

static

9543019093...ad.exe

windows7-x64

10

9543019093...ad.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9543019093bc022b4e5151e4d829357d706a20f3797fddee1a683ddbb3063aad

  • Size

    2.7MB

  • Sample

    221125-h9jxrsed3t

  • MD5

    25543861ba274d232c398bc842057def

  • SHA1

    72fead8c6e44aade2f1f7df53a59d2258bdbc3d7

  • SHA256

    9543019093bc022b4e5151e4d829357d706a20f3797fddee1a683ddbb3063aad

  • SHA512

    03ae0f679a3258eb07b8e888b34eac04522fbc8cd11f5ffbee140748ac0d1e041d6b5f605c7a5a876c4e0412620285c37189ad45636cf9dbf5a899c92c948ad2

  • SSDEEP

    49152:1b2JAKeNCqs5pTNkRLq7J7EzlbCFKmoeBbUkoqypczICPk:1bIAKeNCrtkFMJ7glbqIeBbUZHC

Score
10/10
evasionpersistencetrojan

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

http://galaint.releaseinfoupdate.pl/?0=126&1=2&2=1&3=118&4=i&5=7601&6=6&7=1&8=99600&9=1033&10=0&11=1111&12=ybpkowbwqh&14=1

Targets

    • Target

      9543019093bc022b4e5151e4d829357d706a20f3797fddee1a683ddbb3063aad

    • Size

      2.7MB

    • MD5

      25543861ba274d232c398bc842057def

    • SHA1

      72fead8c6e44aade2f1f7df53a59d2258bdbc3d7

    • SHA256

      9543019093bc022b4e5151e4d829357d706a20f3797fddee1a683ddbb3063aad

    • SHA512

      03ae0f679a3258eb07b8e888b34eac04522fbc8cd11f5ffbee140748ac0d1e041d6b5f605c7a5a876c4e0412620285c37189ad45636cf9dbf5a899c92c948ad2

    • SSDEEP

      49152:1b2JAKeNCqs5pTNkRLq7J7EzlbCFKmoeBbUkoqypczICPk:1bIAKeNCrtkFMJ7glbqIeBbUZHC

    Score
    10/10
    evasionpersistencetrojan

    • UAC bypass

      evasiontrojan

    • Disables taskbar notifications via registry modification

      evasion

    • Executes dropped EXE

    • Sets file execution options in registry

      persistence

    • Stops running service(s)

      evasion

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2
T1060

Modify Existing Service

1
T1031

Privilege Escalation

Bypass User Account Control

1
T1088

Defense Evasion

Bypass User Account Control

1
T1088

Disabling Security Tools

1
T1089

Modify Registry

5
T1112

Impair Defenses

1
T1562

Credential Access

Discovery

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

1
T1489

Tasks