aa0bed5e015059be0267bd6c3f4e361477de25b3cf5fa01bfbc11a95daf3a289 | Triage

Sharing

General

Target

aa0bed5e015059be0267bd6c3f4e361477de25b3cf5fa01bfbc11a95daf3a289
Size

1.2MB
Sample

221205-ljt7labd5y
MD5

1ac7f905b952d6a74fe9d70dfaeb4a87
SHA1

0e6882d7f2bd2887489a91bfbe00963c5be9c766
SHA256

aa0bed5e015059be0267bd6c3f4e361477de25b3cf5fa01bfbc11a95daf3a289
SHA512

0a5d76d36619ff75c402771d45026edf0b365b8765b8c4664c5e3a6c184afd6851102af87bd34f766fe37fb078df8d1b9cfd7bb1a0a2037d4c036a29969c0ff8
SSDEEP

12288:ab0ZipUUTrXv6bkNtXDUqwa0bO+iCeJPQvHOERQ5A925YEoRlBM24il+gspTbqqI:ab0ZippTrXSbkjwN4pPRdxojeilT5lZr

Score

10^/10

evasion trojan

Malware Config

Targets

- Target
  
  aa0bed5e015059be0267bd6c3f4e361477de25b3cf5fa01bfbc11a95daf3a289
- Size
  
  1.2MB
- MD5
  
  1ac7f905b952d6a74fe9d70dfaeb4a87
- SHA1
  
  0e6882d7f2bd2887489a91bfbe00963c5be9c766
- SHA256
  
  aa0bed5e015059be0267bd6c3f4e361477de25b3cf5fa01bfbc11a95daf3a289
- SHA512
  
  0a5d76d36619ff75c402771d45026edf0b365b8765b8c4664c5e3a6c184afd6851102af87bd34f766fe37fb078df8d1b9cfd7bb1a0a2037d4c036a29969c0ff8
- SSDEEP
  
  12288:ab0ZipUUTrXv6bkNtXDUqwa0bO+iCeJPQvHOERQ5A925YEoRlBM24il+gspTbqqI:ab0ZippTrXSbkjwN4pPRdxojeilT5lZr
Score

10^/10

evasion trojan
- UAC bypass
  evasion trojan
- Modifies Windows Firewall
  evasion
- Stops running service(s)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Impair Defenses

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

behavioral2