General

  • Target

    PWNEDuo (based on DuoHacker).user.js

  • Size

    14KB

  • Sample

    231124-rc2wrabg23

  • MD5

    d5bbabbe76181e95b2739e520ad30cbf

  • SHA1

    07af976a8c741c5d1946027fbeca6c7ae97784cd

  • SHA256

    32dbc2a742eea5db1e881c593c0b13576087371c51ed50b01c308fac0db4c388

  • SHA512

    8c68316ed62ae5702a660f177d2ac10753704ebf353fe5e5920485b75b0c9296ab5e4f1cdb48066d7829fb5fb27a683ee07e0264e218085a153dad4b39ff2da8

  • SSDEEP

    192:tis0QYoLiizqDXMCArc143C+W24rpSk523PS++SZk+EQpwkd3grvB/2SuTu1r6U7:1piiujN1rxkSZ/A9VN049l4pgK

Targets

    • Target

      PWNEDuo (based on DuoHacker).user.js

    • Downloads MZ/PE file

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Checks whether UAC is enabled

    • Checks system information in the registry

      System information is often read in order to detect sandbox environments.
