a0af844bcbd5df4371cf9d3c1829fbe40c1ebc5f79e2a6f98a4b688ef6132118 | Triage

Sharing

General

Target

a0af844bcbd5df4371cf9d3c1829fbe40c1ebc5f79e2a6f98a4b688ef6132118
Size

548KB
Sample

221206-p46ynsac94
MD5

fe66d941e06ed5c6129fceb1c4706489
SHA1

e512ae2dbbf2c96d8919a0d130c3dd4aa6840121
SHA256

a0af844bcbd5df4371cf9d3c1829fbe40c1ebc5f79e2a6f98a4b688ef6132118
SHA512

ccb77c9eedae56a4b8f4cb6f267e12ef883f4e288022e5250c3b43da26903158f921bb72fa5f5bcefaf68e44cd629ce18696f1cac8bc00909d2fd5449e3eb1f7
SSDEEP

12288:lCTI2IO6X4ySHD8ONO3rO5pndlTI2IO6X4Y:lCEm6XGD8OCC3nzEm6XP

Score

10^/10

evasion trojan

Malware Config

Targets

- Target
  
  a0af844bcbd5df4371cf9d3c1829fbe40c1ebc5f79e2a6f98a4b688ef6132118
- Size
  
  548KB
- MD5
  
  fe66d941e06ed5c6129fceb1c4706489
- SHA1
  
  e512ae2dbbf2c96d8919a0d130c3dd4aa6840121
- SHA256
  
  a0af844bcbd5df4371cf9d3c1829fbe40c1ebc5f79e2a6f98a4b688ef6132118
- SHA512
  
  ccb77c9eedae56a4b8f4cb6f267e12ef883f4e288022e5250c3b43da26903158f921bb72fa5f5bcefaf68e44cd629ce18696f1cac8bc00909d2fd5449e3eb1f7
- SSDEEP
  
  12288:lCTI2IO6X4ySHD8ONO3rO5pndlTI2IO6X4Y:lCEm6XGD8OCC3nzEm6XP
Score

10^/10

evasion trojan
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2