49c6540b544757a38f4ee26e0b20435fb0703d49e9df7b7f01e8d0f54e94e23d | Triage

Sharing

General

Target

49c6540b544757a38f4ee26e0b20435fb0703d49e9df7b7f01e8d0f54e94e23d
Size

228KB
Sample

221129-r1vscacb9x
MD5

70a58932a998f4f1c99632f3acf21863
SHA1

23fe73e4689b7863ed92b2682c737b1ab6e31891
SHA256

49c6540b544757a38f4ee26e0b20435fb0703d49e9df7b7f01e8d0f54e94e23d
SHA512

d2974d92900e203fa154d5e71455916290d1911d92b908e6b805314b0980a6a5ddc435e232eb9ccdcc75bce9e090927682a8acfbf9756de9d0b734602385bc5d
SSDEEP

3072:gHMNyfW1VHTCyPNHhP/VToqbeAtoH2ts7bLkAV7sp23MANi4q6DTV:gHMVt5tDoH2tIs

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  49c6540b544757a38f4ee26e0b20435fb0703d49e9df7b7f01e8d0f54e94e23d
- Size
  
  228KB
- MD5
  
  70a58932a998f4f1c99632f3acf21863
- SHA1
  
  23fe73e4689b7863ed92b2682c737b1ab6e31891
- SHA256
  
  49c6540b544757a38f4ee26e0b20435fb0703d49e9df7b7f01e8d0f54e94e23d
- SHA512
  
  d2974d92900e203fa154d5e71455916290d1911d92b908e6b805314b0980a6a5ddc435e232eb9ccdcc75bce9e090927682a8acfbf9756de9d0b734602385bc5d
- SSDEEP
  
  3072:gHMNyfW1VHTCyPNHhP/VToqbeAtoH2ts7bLkAV7sp23MANi4q6DTV:gHMVt5tDoH2tIs
Score

10^/10

evasion persistence trojan
- Modifies firewall policy service
  evasion
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan