2dbee898aa3a7cb9f60abe508b368cb3d4d9eb18a9294ec615490f9985393e6f | Triage

Sharing

General

Target

2dbee898aa3a7cb9f60abe508b368cb3d4d9eb18a9294ec615490f9985393e6f
Size

687KB
Sample

221125-j1m4hacg89
MD5

4107781b55a031594009ff61e5be3b2c
SHA1

d125a4f007f9c4ad7551811e483ae9882b9ad08e
SHA256

2dbee898aa3a7cb9f60abe508b368cb3d4d9eb18a9294ec615490f9985393e6f
SHA512

84297edd6d709342d1c480af4917e3d36d7e6a717ef96c786eb0aa1f8057c4ebb4a342819d401ba0ee9df947e62ef67560f2ce1bb40434e7dde6b3130bf5e67b
SSDEEP

12288:FkG9NSL/d1cPYolyyb0VGXRkm0q7zBgcJd1w5Xt1wmv7RW2Xc7z7tI:iqNE/d1cPYoleYBkmHKud1wzzRF+z

Score

8^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  2dbee898aa3a7cb9f60abe508b368cb3d4d9eb18a9294ec615490f9985393e6f
- Size
  
  687KB
- MD5
  
  4107781b55a031594009ff61e5be3b2c
- SHA1
  
  d125a4f007f9c4ad7551811e483ae9882b9ad08e
- SHA256
  
  2dbee898aa3a7cb9f60abe508b368cb3d4d9eb18a9294ec615490f9985393e6f
- SHA512
  
  84297edd6d709342d1c480af4917e3d36d7e6a717ef96c786eb0aa1f8057c4ebb4a342819d401ba0ee9df947e62ef67560f2ce1bb40434e7dde6b3130bf5e67b
- SSDEEP
  
  12288:FkG9NSL/d1cPYolyyb0VGXRkm0q7zBgcJd1w5Xt1wmv7RW2Xc7z7tI:iqNE/d1cPYoleYBkmHKud1wzzRF+z
Score

8^/10

evasion persistence trojan
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan