Overview

overview

10

Static

static

3

fd52851f3a...aa.exe

windows7-x64

10

fd52851f3a...aa.exe

windows10-2004-x64

10

Resubmissions

03/11/2023, 04:34

231103-e68j6sea85 10

03/11/2023, 04:11

231103-er8xdsdg97 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fd52851f3a6fd6331b2165fb4cfab37d73bc0b39edb5f2ef3233864061f1d8aa

  • Size

    179KB

  • Sample

    231103-e68j6sea85

  • MD5

    17f5432657b4f46226fe02f7d0833efb

  • SHA1

    234a74f2dd29ee90be537bdf41baa95be941fd84

  • SHA256

    fd52851f3a6fd6331b2165fb4cfab37d73bc0b39edb5f2ef3233864061f1d8aa

  • SHA512

    b07917a23d19640eaf03f8958c761bb19846df59f44e19a13113ed485ccf37f071d2cbcff74ecf17f2039f1b410949169921e58f57279d385650c5677e3230b1

  • SSDEEP

    3072:bd+i/ToOl+8E7gQwPVWd7+zHGZ6HJVCEesuU5OqBSHyYTkJjQCEv:RDcCdrg7+bRHJ/CUoqYIJjQC

Score
10/10
evasiontrojan

Malware Config

Targets

    • Target

      fd52851f3a6fd6331b2165fb4cfab37d73bc0b39edb5f2ef3233864061f1d8aa

    • Size

      179KB

    • MD5

      17f5432657b4f46226fe02f7d0833efb

    • SHA1

      234a74f2dd29ee90be537bdf41baa95be941fd84

    • SHA256

      fd52851f3a6fd6331b2165fb4cfab37d73bc0b39edb5f2ef3233864061f1d8aa

    • SHA512

      b07917a23d19640eaf03f8958c761bb19846df59f44e19a13113ed485ccf37f071d2cbcff74ecf17f2039f1b410949169921e58f57279d385650c5677e3230b1

    • SSDEEP

      3072:bd+i/ToOl+8E7gQwPVWd7+zHGZ6HJVCEesuU5OqBSHyYTkJjQCEv:RDcCdrg7+bRHJ/CUoqYIJjQC

    Score
    10/10
    evasiontrojan

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Windows security modification

      evasiontrojan

    • Checks whether UAC is enabled

      evasiontrojan

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks