306cb62b0268431adac7935bda483e8065d4c1da3b7eb6bb8c57ba659c766249 | Triage

Sharing

General

Target

10703448577.zip
Size

1KB
Sample

230609-yxbnmaeb2y
MD5

de3cae7da3744db264c717ed129bc442
SHA1

f40873ba215dcc851cd53ed47d3256aae4432d8b
SHA256

306cb62b0268431adac7935bda483e8065d4c1da3b7eb6bb8c57ba659c766249
SHA512

2e5110c9fe3c43cae7c54b778832fc840b6648acd8cb7b87bf729a96c5a36d0741c4ba7c3dae5f39323634c1000059695472e1227a4a64eee1ce46571fa466f8

Score

10^/10

evasion trojan

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://drive.google.com/uc?export=download&id=1HFUT-JDcGJccWNG8J9DQsDnw_Zc2QYn0

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://drive.google.com/uc?export=download&id=1ogbCiwBaVXPjDHhV0GcZx3l_HoU1dbid

Targets

- Target
  
  8aab7266ea91f873551d892fd1681f4a800d3d7cc6e46201fbbe4fbbd98ed414
- Size
  
  3KB
- MD5
  
  1b5b81995133090e5a31ca3bee36794e
- SHA1
  
  f9247cad841aa5fa4de76ef4e7e457ae13c4f61e
- SHA256
  
  8aab7266ea91f873551d892fd1681f4a800d3d7cc6e46201fbbe4fbbd98ed414
- SHA512
  
  5607b4c8512a1d7bfe26d7af7280caa1a5b9ce8eb27cc89e214eabab832278ed65c643f1b87d4738564ba6e0f4760cafa26b9466f5d2916a94a1ef877947a639
Score

10^/10

evasion trojan
- UAC bypass
  evasion trojan
- Blocklisted process makes network request
- Drops file in Drivers directory
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1