d77dbba4337c1769c5378dda33c2df4481ed899808b4c4fc49e6ee1f34636e64 | Triage

Resubmissions

04/08/2023, 21:18

230804-z5218aed85 10

04/08/2023, 21:14

230804-z3jrvsed67 10

Sharing

Copy URL Twitter E-mail

General

Target

Helper-Remote-SupportExternConnect.exe
Size

6.6MB
Sample

230804-z5218aed85
MD5

efb7743696693a14b375bd967074fa6a
SHA1

cddb5eae19339af8410bace602c9a04752b8d4d9
SHA256

d77dbba4337c1769c5378dda33c2df4481ed899808b4c4fc49e6ee1f34636e64
SHA512

fcb7c183428ad27a0b709558e8fc3eb25528038110c767deb48b8602ce5e45bddb13eafcb260b59ff9b949b6541004f262274b06e025b053aefbcc7701e0c046
SSDEEP

98304:o9zTX4Pf1N2zIh3ET9Y9MxVMOPUh3PdWPEUrJY6AOxbHPS2zh/hQqfvsJ1YPwIu/:oxX4FMIZETKwjPePdrQJ/BNOqAYPL

Score

10^/10

evasion pyinstaller trojan

Malware Config

Targets

- Target
  
  Helper-Remote-SupportExternConnect.exe
- Size
  
  6.6MB
- MD5
  
  efb7743696693a14b375bd967074fa6a
- SHA1
  
  cddb5eae19339af8410bace602c9a04752b8d4d9
- SHA256
  
  d77dbba4337c1769c5378dda33c2df4481ed899808b4c4fc49e6ee1f34636e64
- SHA512
  
  fcb7c183428ad27a0b709558e8fc3eb25528038110c767deb48b8602ce5e45bddb13eafcb260b59ff9b949b6541004f262274b06e025b053aefbcc7701e0c046
- SSDEEP
  
  98304:o9zTX4Pf1N2zIh3ET9Y9MxVMOPUh3PdWPEUrJY6AOxbHPS2zh/hQqfvsJ1YPwIu/:oxX4FMIZETKwjPePdrQJ/BNOqAYPL
Score

10^/10

evasion trojan
- UAC bypass
  evasion trojan
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1