417142334d05008c439dbe5dc9e5b98cdb728323833be518c573f29c3bc6f7d8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

417142334d05008c439dbe5dc9e5b98cdb728323833be518c573f29c3bc6f7d8
Size

3.0MB
Sample

221126-12jadacd4y
MD5

d2da94044b54f3f0201fb6881a8583c9
SHA1

323893b17e281f0552b837fef002372377a6cfc7
SHA256

417142334d05008c439dbe5dc9e5b98cdb728323833be518c573f29c3bc6f7d8
SHA512

7db8dbc20568e0998f79317288df07342ff9c4f9158e7573c29b27d7b23503eb48ca41dc42c1285efb61f686c122b72ac905701c9b8c3c6ad4447995d26f4e95
SSDEEP

49152:+ci5S37SCgHhXow+mTCTxaGKeV4bRnu3mu6jS+aiSPruUxhPQdSJ:Y5xpow+m6aGTauDBPug4dSJ

Score

8^/10

discovery evasion link pdf persistence trojan

Malware Config

Targets

- Target
  
  SUtilities.dll
- Size
  
  762KB
- MD5
  
  31a69f32502de8b29ed98bfa19de1332
- SHA1
  
  903f22a8b1416e4c00df321ecd66cf9fc20728a1
- SHA256
  
  dae57a0a42312711f6125024b00aed2df224b62be509f749126d27357e05a230
- SHA512
  
  31bb81fa09e5a9cb78c830ae149216ee8d20dd720e281775d7335d9854f8ef3d1597978b2e6b2d23a35ffda031f0eda89e1e4ed1c5a7c6723b84b19dd3657ad8
- SSDEEP
  
  12288:xLHb+VwvK58jWNoXiRULuFg/6pmrS5YHWF8DqxwBiN0fm5o7KF8HORwDydEv2J45:xLHb+VwvK58jWNoXiRULuFg/6pmrS5YL
Score

1^/10
behavioral1 behavioral2
- Target
  
  setup.exe
- Size
  
  1.3MB
- MD5
  
  0adf5309816e4245cd95357a4d3f06f7
- SHA1
  
  affb254e3d8fcdaf8ab5bd94aa6eb6b5bf5b131b
- SHA256
  
  adcc5d685970b6d59d9c5e1f455ee3a587c96f1c95fcae131ebacd56c726dd41
- SHA512
  
  9e5663e256788edf8e175e007337e28804aab77f17122b1d71d503f845e7bf973db9841e172e228782657cb4c3fab5ed57ecc702daeabbd9e61c4783d03d5889
- SSDEEP
  
  12288:sTA602ZB1GOOyKoK4Llt6i+yDqVl4vwcxaapX4Uopq1aP0X4doZjcfVKWeQp9456:S1bpD7Zt6GaOa4o/q1RXdZQdneJKN
Score

8^/10

discovery evasion persistence trojan
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral3 behavioral4
- Target
  
  winx32.dll
- Size
  
  161KB
- MD5
  
  a20ffa2aa33624b14d1dbcc84f3a1eca
- SHA1
  
  e309378952dae238debd1eff84c5ec848137d27d
- SHA256
  
  3c4cab270f053987685c53ec545a4d114973923d70b794561ed4430a157ffa11
- SHA512
  
  c6322ec2cacddcaac01aefc61acc9a175111f9b7e3d15b09e5a16e7dd2c540688eaeb800d620d6fc1762f5eca872429fb96eb11cbcf5f1912725cbf5ed21c07e
- SSDEEP
  
  3072:t9cxFArwaByeiVBe+OUISgTQMZrpqVdbVnzM4gGLoBs8lp:cArwQzaErpqVNVnzQ19
Score

1^/10
behavioral5 behavioral6
- Target
  
  winxvd.lib
- Size
  
  1.6MB
- MD5
  
  9f4c5adace8d68beb47659ae7b9ef77d
- SHA1
  
  5081307078b4734e400d374c8e142b319177d57e
- SHA256
  
  449b3428c7e61bc75bef49874f4b108464b76580ffe07737d4d1c52a4a5c037c
- SHA512
  
  781811659af5a57c80b8c017b8165e0daa1a45ee7b648dc44a4011ece156716764dca598fe564eb1a81c097a9237ca0952c977bd90aeb0368dda9346f531ba6f
- SSDEEP
  
  24576:czXk4r8plb+ZGA/biP/+hhxTwOO7LI3uF1hoFTZ/wd3ODQ9y04pFkNSYyRqNvw:MIUzhxTxkI3uFwvwd3OD8yf8SYyavw
Score

1^/10
behavioral7 behavioral8
- Target
  
  zploader.dat
- Size
  
  322KB
- MD5
  
  1c62bcdf80127eb644fe7d0db4385018
- SHA1
  
  86d51a551596029df4e07d032936063a680c2bd7
- SHA256
  
  88a5254f0a5696b84c9897700b976613d7282d11cb17200a8d583e5d6418ea36
- SHA512
  
  888659ec3d863f69b6a78554ea2bdb1a3aaff4680e95461f057517e0ea13c34ce9785e4dcb0a79eded17299c37f6c08a5fbb2331a6184a5e2f65c95e0cb7568e
- SSDEEP
  
  6144:hOGOB9tTmww/ruyFv4AznSMT9dmd6dT81S4qY+KeTL2Gc5gUDVRlMAgV:hdY9xJ1yFvrnSvR1qYCTLVG5fM7V
Score

3^/10
behavioral10 behavioral9

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

discoveryevasionpersistencetrojan

behavioral4

discoveryevasionpersistencetrojan

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10