5aa4f4e9b0d729128b0a7ee7456cebdad0760b66eaa5dfb559122c26f8fc017c | Triage

Sharing

General

Target

5aa4f4e9b0d729128b0a7ee7456cebdad0760b66eaa5dfb559122c26f8fc017c
Size

2.4MB
Sample

230103-176mvsda88
MD5

a16ee05b9961384ef98ac5ddd4e9217b
SHA1

ca88879bf045c097f5ef0215d6c389c55fbed683
SHA256

5aa4f4e9b0d729128b0a7ee7456cebdad0760b66eaa5dfb559122c26f8fc017c
SHA512

59bbf924f266a372e5e827b5afcdf131e1dcca1d00addf6c6a86c7fc054e249324fa150bc73e34c2c1c7b978f2b8f1f7326311333dd4b5c6c89e94cc3f76c520
SSDEEP

24576:GJO3Y9vZKxOWrJ/iDK1Pjq/VLO7067CBsEGcmdASdTFI070bIB:yuVqFGLNZ

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  5aa4f4e9b0d729128b0a7ee7456cebdad0760b66eaa5dfb559122c26f8fc017c
- Size
  
  2.4MB
- MD5
  
  a16ee05b9961384ef98ac5ddd4e9217b
- SHA1
  
  ca88879bf045c097f5ef0215d6c389c55fbed683
- SHA256
  
  5aa4f4e9b0d729128b0a7ee7456cebdad0760b66eaa5dfb559122c26f8fc017c
- SHA512
  
  59bbf924f266a372e5e827b5afcdf131e1dcca1d00addf6c6a86c7fc054e249324fa150bc73e34c2c1c7b978f2b8f1f7326311333dd4b5c6c89e94cc3f76c520
- SSDEEP
  
  24576:GJO3Y9vZKxOWrJ/iDK1Pjq/VLO7067CBsEGcmdASdTFI070bIB:yuVqFGLNZ
Score

10^/10

evasion persistence trojan
- UAC bypass
  evasion trojan
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

evasionpersistencetrojan