3f9b441a175a193c1cabb3a9ec897659e0ec44dcdef27bf4e3b6a172a97d50d9 | Triage

Sharing

General

Target

3f9b441a175a193c1cabb3a9ec897659e0ec44dcdef27bf4e3b6a172a97d50d9
Size

20KB
Sample

230301-v3mfjahc69
MD5

4bd60f1b3463985964e0c1a4a5b2dd14
SHA1

440008219d6a344936cb49206b79664dd333a307
SHA256

3f9b441a175a193c1cabb3a9ec897659e0ec44dcdef27bf4e3b6a172a97d50d9
SHA512

4c9666f0e9b36cb6a995bf2d4341b8e6fd17bfddd32658f83379da08912207569dce45f64d76c5c557abf8359b31a90bcdd907f4cda8c0128a8d481b2b7875d1
SSDEEP

48:yqS3foSm+p47EF9YS1GYFzf3sFzRpP4oyl1vgclVKsKtN:1SXp47I9YSEgzkzzP4oynP

Score

10^/10

evasion trojan

Malware Config

Targets

- Target
  
  3f9b441a175a193c1cabb3a9ec897659e0ec44dcdef27bf4e3b6a172a97d50d9
- Size
  
  20KB
- MD5
  
  4bd60f1b3463985964e0c1a4a5b2dd14
- SHA1
  
  440008219d6a344936cb49206b79664dd333a307
- SHA256
  
  3f9b441a175a193c1cabb3a9ec897659e0ec44dcdef27bf4e3b6a172a97d50d9
- SHA512
  
  4c9666f0e9b36cb6a995bf2d4341b8e6fd17bfddd32658f83379da08912207569dce45f64d76c5c557abf8359b31a90bcdd907f4cda8c0128a8d481b2b7875d1
- SSDEEP
  
  48:yqS3foSm+p47EF9YS1GYFzf3sFzRpP4oyl1vgclVKsKtN:1SXp47I9YSEgzkzzP4oynP
Score

10^/10

evasion trojan
- UAC bypass
  evasion trojan
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2