58084e8f26d34d6773e5a1a30f4f713ec160944df86996fde281972ff7afc82d | Triage

Sharing

General

Target

58084e8f26d34d6773e5a1a30f4f713ec160944df86996fde281972ff7afc82d
Size

2.0MB
Sample

221125-jqez5sca83
MD5

83933516d5bec305eca233671d58d70e
SHA1

cd2861e8ac5004907f0d1e2b54ab43078fe315fb
SHA256

58084e8f26d34d6773e5a1a30f4f713ec160944df86996fde281972ff7afc82d
SHA512

339c909d8198f998c4672aa5a81c2d5b2d6c910e5af5ff6660ac8c101d83df5d9836dd80a3b027ce0a7ccb0d7ab375bb11644847835f167939763390686f94d8
SSDEEP

49152:LAHmZWttPz/DFeBgmk2fMagFW06rwa9LvQZy9LvQZgipCDh0:a+eX+gDDMHwa9bQZy9bQZgipEh0

Score

10^/10

evasion persistence trojan

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://galaint.statson-linesec.info/?0=118&1=2&2=1&3=79&4=i&5=7601&6=6&7=1&8=99600&9=1033&10=0&11=1111&12=ctkpbjxohg&14=1

Targets

- Target
  
  58084e8f26d34d6773e5a1a30f4f713ec160944df86996fde281972ff7afc82d
- Size
  
  2.0MB
- MD5
  
  83933516d5bec305eca233671d58d70e
- SHA1
  
  cd2861e8ac5004907f0d1e2b54ab43078fe315fb
- SHA256
  
  58084e8f26d34d6773e5a1a30f4f713ec160944df86996fde281972ff7afc82d
- SHA512
  
  339c909d8198f998c4672aa5a81c2d5b2d6c910e5af5ff6660ac8c101d83df5d9836dd80a3b027ce0a7ccb0d7ab375bb11644847835f167939763390686f94d8
- SSDEEP
  
  49152:LAHmZWttPz/DFeBgmk2fMagFW06rwa9LvQZy9LvQZgipCDh0:a+eX+gDDMHwa9bQZy9bQZgipEh0
Score

10^/10

evasion persistence trojan
- UAC bypass
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Impair Defenses

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2