e1ed11cea345491f2eb92488fd94f5c5640025ac9d6f229fece66b311de3a02a | Triage

Sharing

General

Target

011ef529785460a54c2eef6d0a87b2d2
Size

152KB
Sample

231225-dc836sfac9
MD5

011ef529785460a54c2eef6d0a87b2d2
SHA1

11fb23e3c99cf14ee52bae7f135fee09b213eacd
SHA256

e1ed11cea345491f2eb92488fd94f5c5640025ac9d6f229fece66b311de3a02a
SHA512

904a77352ef8a3f6ef3deeebee838a38c6b6af7300b90d75770bf9335e8a3b802f1ddcb04439b4a3a108222eaf634b72a5428db8903c7050a1206965213cb512
SSDEEP

3072:T8KloQSrkKgRENEI5apGTwQqVMTW0hiJ7uBkPTg:r

Score

10^/10

evasion trojan

Malware Config

Targets

- Target
  
  011ef529785460a54c2eef6d0a87b2d2
- Size
  
  152KB
- MD5
  
  011ef529785460a54c2eef6d0a87b2d2
- SHA1
  
  11fb23e3c99cf14ee52bae7f135fee09b213eacd
- SHA256
  
  e1ed11cea345491f2eb92488fd94f5c5640025ac9d6f229fece66b311de3a02a
- SHA512
  
  904a77352ef8a3f6ef3deeebee838a38c6b6af7300b90d75770bf9335e8a3b802f1ddcb04439b4a3a108222eaf634b72a5428db8903c7050a1206965213cb512
- SSDEEP
  
  3072:T8KloQSrkKgRENEI5apGTwQqVMTW0hiJ7uBkPTg:r
Score

10^/10

evasion trojan
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2