79d1a9ec049f598528e505aa71fdd68f01f7abcd8cb29c1e54ba018d239ae282 | Triage

Sharing

General

Target

stager.exe
Size

1.9MB
Sample

230719-p9djbafd85
MD5

4ed2a8948a165b72025d5868a31a34c8
SHA1

b25b9db66eefe9418bb398a8a5ffe4aebb7d4ff8
SHA256

79d1a9ec049f598528e505aa71fdd68f01f7abcd8cb29c1e54ba018d239ae282
SHA512

64411bb2f3510f26114d809409dd9af29238fb1c43ee005c08c3b00826be0bce0230ad26afc786961b659d8cc470f59ed12108b4a11056b702a516330bbec380
SSDEEP

24576:GXjaqCL0DG3EZJOHVXGGUIHjNGxmKg7xf:GXjaADG3EWVd

Score

10^/10

evasion trojan

Malware Config

Targets

- Target
  
  stager.exe
- Size
  
  1.9MB
- MD5
  
  4ed2a8948a165b72025d5868a31a34c8
- SHA1
  
  b25b9db66eefe9418bb398a8a5ffe4aebb7d4ff8
- SHA256
  
  79d1a9ec049f598528e505aa71fdd68f01f7abcd8cb29c1e54ba018d239ae282
- SHA512
  
  64411bb2f3510f26114d809409dd9af29238fb1c43ee005c08c3b00826be0bce0230ad26afc786961b659d8cc470f59ed12108b4a11056b702a516330bbec380
- SSDEEP
  
  24576:GXjaqCL0DG3EZJOHVXGGUIHjNGxmKg7xf:GXjaADG3EWVd
Score

10^/10

evasion trojan
- UAC bypass
  evasion trojan
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2