5522b7cbad20af72d44fd55f347465bc63a09ff7373b62482f2a4b270e0c73cd | Triage

Sharing

General

Target

adobeflash31windows.zip
Size

58.8MB
Sample

230331-xtmq2scf77
MD5

ef0f02a1d9fa50db0658611318064f89
SHA1

e4111dc9993728e58aad5bf72f57e294521b06df
SHA256

5522b7cbad20af72d44fd55f347465bc63a09ff7373b62482f2a4b270e0c73cd
SHA512

881e87e42113ffff42557afe992409cc472f4cc67fd5c99d0ce63b30ceffc4ca526c499d577e9f65a4ef1e4efa1751e42c36a01566a56384af9b3f83aaf7d143
SSDEEP

1572864:ccZisfdhKhio+pHOAgeX++ek1gjBcAPnRZu:ccZJShizoAgeX++utl3u

Score

8^/10

discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  Adobe Flash 31 Windows/flashplayer31_0r0_153_win.exe
- Size
  
  20.3MB
- MD5
  
  2dd6a03469cf27db821ade02d3e7460b
- SHA1
  
  204ea0483217bdee883d4bb73ac428f7439004a9
- SHA256
  
  72a5df8903d8bddfb9a38f05d8a8ff9f9a9fe6cd6d6c6d4b08d9733a97e00016
- SHA512
  
  4765d60376b44b1422e7891b7696573648b2b29b4af536f4c6bac80f15985dbd066b3cdaaeaa73f4cdac4344a36d0570098eb39f74594a2357fd3ba32f781e84
- SSDEEP
  
  393216:TF0EAKW9nr5noMoQXijbqStE9x2BE/kk/S2LJHPVsichNksAj:5aKanlnoyO7va8k/SqXchNksE
Score

8^/10

discovery evasion persistence trojan
- Sets file execution options in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  Adobe Flash 31 Windows/flashplayer31_0r0_153_winax.exe
- Size
  
  19.8MB
- MD5
  
  c2756e040a46dfb1218191bc48dc2c5a
- SHA1
  
  02604fd09c7d75d48a49a62bbbe26eb154d93a4e
- SHA256
  
  37a49b8bc84780578bb9b8399940fe3eb86f25d7795fdd74542a736c5e3f81cc
- SHA512
  
  2a06caca117aac3862ad21c1cb941811c918e2b7fe0a3c3b0e5da522b99c93e8d6b32331bd4937c72250d7ba358c17fb98104d65c21154be1a924b141bcdcfa1
- SSDEEP
  
  393216:S8KGIOMr+U+PdcvDIQiSYK+U8X+bXZ2I1+ntmXOO5T4:KR+U8dcvEQiSJ+oZN+n+dm
Score

7^/10

evasion trojan
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral3 behavioral4
- Target
  
  Adobe Flash 31 Windows/flashplayer31_0r0_153_winpep.exe
- Size
  
  20.1MB
- MD5
  
  76f9255715efdbfb829bd0e22bc3406a
- SHA1
  
  321eb7717526ac36b0e5fc234a9284405af5b004
- SHA256
  
  378e7459c409fdba0c9a2ee4afc059ef03981fd857e4fb9028b95bef7c206dab
- SHA512
  
  674c9b7134ddfd5b114c72723511d2421de73d13c6bd301a0f4a7dfc5a8a37ac5486cc066a73168d30f5bb4557d794792db93f75dcb4b2797f01306f9b65dc10
- SSDEEP
  
  393216:bo0VBwUn2kZ7P/7Eu2vPsHz5BomtJZh4eh:80MzkZDzEuak5BNlp
Score

7^/10

evasion trojan
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojan

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6