f4458fd506afccef780a48ace51e635b93ff9c8da69dd92ff0db08f4b4fe5fec | Triage

Sharing

Copy URL Twitter E-mail

General

Target

zu64nvtw7jto.exe
Size

6.6MB
Sample

230804-zpr63sff3s
MD5

a414b780a56c9e4297bbceb9868bc618
SHA1

dbb5d70c0835dd18fce994b1ae11ba4e078fdbee
SHA256

f4458fd506afccef780a48ace51e635b93ff9c8da69dd92ff0db08f4b4fe5fec
SHA512

658307976d80ec499aff4ce2f2a386846842527ab89289cf5a68ae0db2aa5bbd4adf67188a556ad08542828ff9b8b55c58abc5f084aec6e4131427a07afff319
SSDEEP

98304:1vzTX4Pf1N2zIh3ET9Y9MxVMOPUh3PdWPEUrJY6AOxbHPS2zh/hQqfvsJ1YPwIu/:1vX4FMIZETKwjPePdrQJ/BNOqAYPL

Score

10^/10

evasion pyinstaller trojan

Malware Config

Targets

- Target
  
  zu64nvtw7jto.exe
- Size
  
  6.6MB
- MD5
  
  a414b780a56c9e4297bbceb9868bc618
- SHA1
  
  dbb5d70c0835dd18fce994b1ae11ba4e078fdbee
- SHA256
  
  f4458fd506afccef780a48ace51e635b93ff9c8da69dd92ff0db08f4b4fe5fec
- SHA512
  
  658307976d80ec499aff4ce2f2a386846842527ab89289cf5a68ae0db2aa5bbd4adf67188a556ad08542828ff9b8b55c58abc5f084aec6e4131427a07afff319
- SSDEEP
  
  98304:1vzTX4Pf1N2zIh3ET9Y9MxVMOPUh3PdWPEUrJY6AOxbHPS2zh/hQqfvsJ1YPwIu/:1vX4FMIZETKwjPePdrQJ/BNOqAYPL
Score

10^/10

evasion trojan
- UAC bypass
  evasion trojan
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1