6fd5bbf8500d720504c57b9a142e2e74cf72fca61423c16a47925c7dcfc58f55

Sharing

Copy URL

Twitter E-mail

General

Target

6fd5bbf8500d720504c57b9a142e2e74cf72fca61423c16a47925c7dcfc58f55
Size

925KB
Sample

221205-kw42wshc4x
MD5

cff24913ebf1916bea49318f7ce18b5e
SHA1

103ca8364e5836feef5d03463f193d78a18ae007
SHA256

6fd5bbf8500d720504c57b9a142e2e74cf72fca61423c16a47925c7dcfc58f55
SHA512

e84a98fd3052dadbb009413465b8403db9b956f3f650449f0f563b947df4672ba3272023be95a17e12d3f50fad708b8abf1d01f52fd95d5cc708865a1a600e28
SSDEEP

24576:SuLo0neT42eAWari/j0B2yY1wCThP9WOghLecfcxK:lLa42rZiLlz19d4Lein

Score

10^/10

Malware Config

Targets

- Target
  
  A3X32.txt
- Size
  
  872KB
- MD5
  
  c56b5f0201a3b3de53e561fe76912bfd
- SHA1
  
  2a4062e10a5de813f5688221dbeb3f3ff33eb417
- SHA256
  
  237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d
- SHA512
  
  195b98245bb820085ae9203cdb6d470b749d1f228908093e8606453b027b7d7681ccd7952e30c2f5dd40f8f0b999ccfc60ebb03419b574c08de6816e75710d2c
- SSDEEP
  
  12288:6pVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:6T3E53Myyzl0hMf1tr7Caw8M01
Score

3^/10
behavioral1 behavioral2
- Target
  
  A3X64.txt
- Size
  
  990KB
- MD5
  
  0c45b1af9f410771bfd1740f40dc4173
- SHA1
  
  b896091855905e152abf260a64ebdf8b0c38aeb4
- SHA256
  
  3f1a80889fc13d98a26b8b6ac034d8ff4a04a5e3fe6c41c994585f5ba3e32bb2
- SHA512
  
  b23e2cb50ed312cb261df84a87283520079cd479ca16c19079abfce4f5ea18cbc730a191af480431f99d5a062e4b853745140d5e9d40003395f16b5867a11d5e
- SSDEEP
  
  24576:uomUFhNcmLFj4svqaShRsUiTfjo5ya8j8k:uCGmxj4svqaShRibza8T
Score

3^/10
behavioral3 behavioral4
- Target
  
  explorer.bat
- Size
  
  7KB
- MD5
  
  0d5a78797b5c0e87df9ad300551774f5
- SHA1
  
  28ffaa6885bc56f07d90d40cb442e486052e0e6d
- SHA256
  
  b2bd6bb09c2ebb01dd9743ff18ed43e1449596057851c0cb39f2212b9e56fc69
- SHA512
  
  9a4f3336088ad2e1a4f14770eb08d64fb19105d3bfc8dc78302ae36a59207568523565537682774a1432742bd2db1756347f6e276a16d03aadf9c521293e1cda
- SSDEEP
  
  96:OY7YCf1bFydggdgjdgHg4NgNNg49g9jHmhPqzKoBrN9bvKet/h9v7n6tbOkTdnMF:pEyNOA4qNq469jiNudrMKJ
Score

10^/10

discovery evasion exploit persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Creates new service(s)
  persistence
- Disables taskbar notifications via registry modification
  evasion
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Possible privilege escalation attempt
  exploit
- Stops running service(s)
  evasion
- Loads dropped DLL
- Modifies file permissions
  discovery
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral5 behavioral6
- Target
  
  start.bat
- Size
  
  32B
- MD5
  
  c3264e10c8e0517db52ca4c08422d511
- SHA1
  
  ff93ec33eff146ebf898af6b95679c75f87e00be
- SHA256
  
  e4ffa5814941edc15615524ef466bcb1d5d2d43aa7c6f43fa0b874e6623cfdda
- SHA512
  
  f39712b193842fc3510397019646be4559be2d086b0cb948a44dbb4d72b82d10db4fcfe53001e0820df5c540b63ec9b881053c346d215a4f61e9f6b62a121c93
Score

10^/10

discovery evasion exploit persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Creates new service(s)
  persistence
- Disables taskbar notifications via registry modification
  evasion
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Possible privilege escalation attempt
  exploit
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Modifies file permissions
  discovery
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral7 behavioral8
- Target
  
  start.vbs
- Size
  
  121B
- MD5
  
  13999a2016dfac9c53e075de38b567d0
- SHA1
  
  835531d5a396499dc0cd075f443a6a624a3b631c
- SHA256
  
  777e6f4dd1604ca00b326a5095dc593c71b1250091cd1ff629202b8c669fd5c7
- SHA512
  
  3e8b9ab49dd854d7ee7e0903277fc892befa38720c4f5b8afc9c452e6a648523a4446e07a7d5486b328669bcf762c2a674635e20e7099ca114d5b9b4ce9f5f24
Score

10^/10

discovery evasion exploit persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Creates new service(s)
  persistence
- Disables taskbar notifications via registry modification
  evasion
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Possible privilege escalation attempt
  exploit
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Modifies file permissions
  discovery
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral10 behavioral9
- Target
  
  tweak.txt
- Size
  
  44KB
- MD5
  
  ba352663c76c86c10a8d5c7b7a47f3c5
- SHA1
  
  61337aec0dad3d993f862a2d6499a185cbe46431
- SHA256
  
  afbf22880d0129f8b11b1a5876f175c874f52c8572cb5c4beda3c528241a8e6c
- SHA512
  
  fe563a98a4aa7913d4e58be874669f3294f07954fbe53d4b599b294310ba83181ff0d1fad947d23678cc62afca2a26aee39217d38a662b4aee097135488a706d
- SSDEEP
  
  768:2YXjpZtla2TkbZQG+udRn1d699cD/vBiLeiQw:7XjLa2TkbZQTudZjKI/w9B
Score

1^/10
behavioral11 behavioral12

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

T1158

Modify Existing Service

T1031

New Service

T1050

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Bypass User Account Control

T1088

New Service

T1050

Defense Evasion

Bypass User Account Control

T1088

Disabling Security Tools

T1089

File and Directory Permissions Modification

T1222

Hidden Files and Directories

T1158

Impair Defenses

T1562

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

T1489

Tasks

Sharing

General

Malware Config

Targets

Modifies Windows Defender Real-time Protection settings

UAC bypass

Windows security bypass

Creates new service(s)

Disables taskbar notifications via registry modification

Executes dropped EXE

Modifies Windows Firewall

Possible privilege escalation attempt

Stops running service(s)

Loads dropped DLL

Modifies file permissions

Windows security modification

Adds Run key to start application

Checks whether UAC is enabled

Modifies Windows Defender Real-time Protection settings

UAC bypass

Windows security bypass

Creates new service(s)

Disables taskbar notifications via registry modification

Executes dropped EXE

Modifies Windows Firewall

Possible privilege escalation attempt

Stops running service(s)

Checks computer location settings

Loads dropped DLL

Modifies file permissions

Windows security modification

Adds Run key to start application

Checks whether UAC is enabled

Modifies Windows Defender Real-time Protection settings

UAC bypass

Windows security bypass

Creates new service(s)

Disables taskbar notifications via registry modification

Executes dropped EXE

Modifies Windows Firewall

Possible privilege escalation attempt

Stops running service(s)

Checks computer location settings

Loads dropped DLL

Modifies file permissions

Windows security modification

Adds Run key to start application

Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12