aa6b54495fae983e97732ac7db856827abbce22b61d2710afd3b9ff3bc617c67 | Triage

Sharing

General

Target

51745905.exe
Size

521KB
Sample

230513-2ntpmahe83
MD5

ef3af90c4c53209e88389befface185b
SHA1

9e054f224cde08b28fb51f3ffb14b9cf6409d20b
SHA256

aa6b54495fae983e97732ac7db856827abbce22b61d2710afd3b9ff3bc617c67
SHA512

df5d65f2387b6ba53599cc9921800984886d4b51ee3581b56da5553f4df25fe04bf69cb365f66471704c3b391e9b6b98b806a383fa3c93fb5c71c89096506bd5
SSDEEP

6144:gb9DvsXALpXzegZZ8qhYd5F8ult1dTc4TeKKQVwjwTiry:gbxvsXALVzjZLhavQ4AWwjw+y

Score

10^/10

evasion trojan

Malware Config

Targets

- Target
  
  51745905.exe
- Size
  
  521KB
- MD5
  
  ef3af90c4c53209e88389befface185b
- SHA1
  
  9e054f224cde08b28fb51f3ffb14b9cf6409d20b
- SHA256
  
  aa6b54495fae983e97732ac7db856827abbce22b61d2710afd3b9ff3bc617c67
- SHA512
  
  df5d65f2387b6ba53599cc9921800984886d4b51ee3581b56da5553f4df25fe04bf69cb365f66471704c3b391e9b6b98b806a383fa3c93fb5c71c89096506bd5
- SSDEEP
  
  6144:gb9DvsXALpXzegZZ8qhYd5F8ult1dTc4TeKKQVwjwTiry:gbxvsXALVzjZLhavQ4AWwjw+y
Score

10^/10

evasion trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2