7e2b6452d4b77ade1f05acd01f26ef17f0ae87c7684f47a745e03b8fe3676697 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

20230429f8fb64ee2212a74178b5eb2bc7f9d88avirlock.bin
Size

531KB
Sample

230506-zqemdade98
MD5

f8fb64ee2212a74178b5eb2bc7f9d88a
SHA1

c794aa950b696a647c8bfef860cd665099a0ac85
SHA256

7e2b6452d4b77ade1f05acd01f26ef17f0ae87c7684f47a745e03b8fe3676697
SHA512

378b2e78738ad3b406732fd35f1946627d4e357ebdc497f5b54a31a6afc729f96f462371e89e17d0c8a669483b8d92d0bbe9a3f4c7d548fd84f77d1f7fd9cf96
SSDEEP

12288:RFn6Yc88FrNaowwNHTYela2901AC50Pk5dRUkTfrCFnzjWIz:RF6Y789NaowWzhjqoqmFnz

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  20230429f8fb64ee2212a74178b5eb2bc7f9d88avirlock.bin
- Size
  
  531KB
- MD5
  
  f8fb64ee2212a74178b5eb2bc7f9d88a
- SHA1
  
  c794aa950b696a647c8bfef860cd665099a0ac85
- SHA256
  
  7e2b6452d4b77ade1f05acd01f26ef17f0ae87c7684f47a745e03b8fe3676697
- SHA512
  
  378b2e78738ad3b406732fd35f1946627d4e357ebdc497f5b54a31a6afc729f96f462371e89e17d0c8a669483b8d92d0bbe9a3f4c7d548fd84f77d1f7fd9cf96
- SSDEEP
  
  12288:RFn6Yc88FrNaowwNHTYela2901AC50Pk5dRUkTfrCFnzjWIz:RF6Y789NaowWzhjqoqmFnz
Score

10^/10

evasion persistence trojan
- Modifies visibility of file extensions in Explorer
  evasion
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan