b36ab76edaf407bae37250a2dc83a67da9f454513fb2b5265ac899d952ef7b59 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b36ab76edaf407bae37250a2dc83a67da9f454513fb2b5265ac899d952ef7b59
Size

445KB
Sample

221202-v6wtdadb41
MD5

3720b85de2d58441c596df764e44470e
SHA1

80c6e7e94a5c74faa5fdbac817970163d3c2a1a9
SHA256

b36ab76edaf407bae37250a2dc83a67da9f454513fb2b5265ac899d952ef7b59
SHA512

f9e3e9b037e9e78d5d8fab2d31df765039d8b6832cd423678842ab53d209300d19e7c36837ebbd2a1651105c58ae43c394bb162315991ce2093ddbeb09682f04
SSDEEP

6144:F8Akg36FMYH+NUGIpNpv5Z+jgpa7veUieXZ/v/6iub0cev5:Mg36FvxRulXieXZX/6R0cev5

Score

10^/10

evasion trojan

Malware Config

Targets

- Target
  
  b36ab76edaf407bae37250a2dc83a67da9f454513fb2b5265ac899d952ef7b59
- Size
  
  445KB
- MD5
  
  3720b85de2d58441c596df764e44470e
- SHA1
  
  80c6e7e94a5c74faa5fdbac817970163d3c2a1a9
- SHA256
  
  b36ab76edaf407bae37250a2dc83a67da9f454513fb2b5265ac899d952ef7b59
- SHA512
  
  f9e3e9b037e9e78d5d8fab2d31df765039d8b6832cd423678842ab53d209300d19e7c36837ebbd2a1651105c58ae43c394bb162315991ce2093ddbeb09682f04
- SSDEEP
  
  6144:F8Akg36FMYH+NUGIpNpv5Z+jgpa7veUieXZ/v/6iub0cev5:Mg36FvxRulXieXZX/6R0cev5
Score

10^/10

evasion trojan
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2