5bb29ff48a651acb372879192bcf0a90757bbdd0e9028264ca1847358f11961b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5bb29ff48a651acb372879192bcf0a90757bbdd0e9028264ca1847358f11961b
Size

140KB
Sample

221201-fek58sad7y
MD5

4f7aab2258124b883859e4b7637b7b7b
SHA1

6b6b93e8f23acb56f987027efba884b65015a46c
SHA256

5bb29ff48a651acb372879192bcf0a90757bbdd0e9028264ca1847358f11961b
SHA512

7b39efba5c8e2b8dcc9b4579c5d7e6b61416407228245f6dca4c937f62672dc5e4b6d932b06483b0419189f01252b0fc448a2c0c50b85604586d60a6ce68464d
SSDEEP

3072:0ZwD/RAdhD91anTc+YH882/jGN/yDoPx6:kwD679ET3jY6sx

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  5bb29ff48a651acb372879192bcf0a90757bbdd0e9028264ca1847358f11961b
- Size
  
  140KB
- MD5
  
  4f7aab2258124b883859e4b7637b7b7b
- SHA1
  
  6b6b93e8f23acb56f987027efba884b65015a46c
- SHA256
  
  5bb29ff48a651acb372879192bcf0a90757bbdd0e9028264ca1847358f11961b
- SHA512
  
  7b39efba5c8e2b8dcc9b4579c5d7e6b61416407228245f6dca4c937f62672dc5e4b6d932b06483b0419189f01252b0fc448a2c0c50b85604586d60a6ce68464d
- SSDEEP
  
  3072:0ZwD/RAdhD91anTc+YH882/jGN/yDoPx6:kwD679ET3jY6sx
Score

10^/10

evasion persistence trojan
- UAC bypass
  evasion trojan
- Modifies AppInit DLL entries
  persistence
- Deletes itself
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan