e0dad1e141697a621631b52f4cabac335345753558b031a3eee01852c6bda2df | Triage

Sharing

General

Target

e0dad1e141697a621631b52f4cabac335345753558b031a3eee01852c6bda2df
Size

260KB
Sample

221125-vcwaraeg3t
MD5

d0cd90dd6c890665da59ba356da67ad7
SHA1

19c0793d96c520515805e925c1b2133aa3b435a0
SHA256

e0dad1e141697a621631b52f4cabac335345753558b031a3eee01852c6bda2df
SHA512

36800014f02d56de08eef5f0fa3a126bf6ee0ee0a46634a9ae99849f80cf882ab7b7d2666097c3a24059f62f35906929f1efa8330ddeec1ef23f5db755c67369
SSDEEP

6144:nbrXNjM73VqhXkykFoIbLzX8cyXdcaM5yfp8KUsa7RqzOdPNleVT4:nXdjM73VqRlJSMfdcPtsabNleVM

Score

10^/10

evasion trojan

Malware Config

Targets

- Target
  
  Visualizar.exe
- Size
  
  526KB
- MD5
  
  81795fe9379bd815d41101917a31d43a
- SHA1
  
  b34cb520625e34c2ab7fc9d6f885605b80526410
- SHA256
  
  ed693ebc7581d06b45f1a72b423fb6b48889f34b3cbc7afded7f08927d5aa305
- SHA512
  
  963b6708752c764556fc81a554e5ad4fca1da2aa9e972b7bb505631abc0be6b061400aa04fe3765343e5196b6a8d791ce801c41434d8399e8b2e4e147df824a6
- SSDEEP
  
  6144:uxMtNrrKjFrLDyiTRsQ9YfvTlFkXIM/17wPJa31dzNJjqPcBDmUqBKZ+bmEpwtUN:ztNvcrLDytiIm17/NFqP3jKZ+6EpMu
Score

10^/10

evasion trojan
- UAC bypass
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2