9a8fbfd40ea19beeb378f1be238e3ce8dd5675d83deabc5c249886d38b420626 | Triage

Sharing

General

Target

9a8fbfd40ea19beeb378f1be238e3ce8dd5675d83deabc5c249886d38b420626
Size

64KB
Sample

221207-dvhzpsah76
MD5

1a0e8763b624334a5288ea2f59996f6d
SHA1

1d5968388c4d6266301822f8a6152467f5149a54
SHA256

9a8fbfd40ea19beeb378f1be238e3ce8dd5675d83deabc5c249886d38b420626
SHA512

a8ed4acecf0bf9f8b019bdc4223496e8f2a29d349b01f41975d184081f4e7c674a5c5093da8268db865cffa845c9627bf8c673e8ef2dfc32fdbdd05423945552
SSDEEP

1536:ubpM6l4seAkWP6f2xBQwaqLO+0ER1qf5f87e:taNe3QjQwaaO+f1A9s

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  9a8fbfd40ea19beeb378f1be238e3ce8dd5675d83deabc5c249886d38b420626
- Size
  
  64KB
- MD5
  
  1a0e8763b624334a5288ea2f59996f6d
- SHA1
  
  1d5968388c4d6266301822f8a6152467f5149a54
- SHA256
  
  9a8fbfd40ea19beeb378f1be238e3ce8dd5675d83deabc5c249886d38b420626
- SHA512
  
  a8ed4acecf0bf9f8b019bdc4223496e8f2a29d349b01f41975d184081f4e7c674a5c5093da8268db865cffa845c9627bf8c673e8ef2dfc32fdbdd05423945552
- SSDEEP
  
  1536:ubpM6l4seAkWP6f2xBQwaqLO+0ER1qf5f87e:taNe3QjQwaaO+f1A9s
Score

10^/10

evasion persistence trojan
- Modifies firewall policy service
  evasion
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

evasionpersistencetrojan