Overview

overview

10

Static

static

3

131d63516b...6b.exe

windows7-x64

10

131d63516b...6b.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    131d63516ba4c2260709118d39b1e76b

  • Size

    60KB

  • Sample

    231225-krshasdffj

  • MD5

    131d63516ba4c2260709118d39b1e76b

  • SHA1

    9d23b29c608390cc5aa66ba968f3203696176aaf

  • SHA256

    33fd96edf4244de4970fed53491111fba9e135723af773dfbf8f435637dd06ed

  • SHA512

    4d1e6a1558bc86c338bb4d101e9e712dd3ce30ac3b94053749f7fae4a53b7c646dc0795df9d8ee57bdba30886ecf509dc5f4d5ed4d38bc36136af04a80f8b8f5

  • SSDEEP

    768:FQ0c9BZCPEHUE0WkAE6jxnD85+6M3WUJ3U6yjViRjVmWD:+0gPCMHUaE6j1LAKUcdV/

Score
10/10
evasionpersistencetrojan

Malware Config

Targets

    • Target

      131d63516ba4c2260709118d39b1e76b

    • Size

      60KB

    • MD5

      131d63516ba4c2260709118d39b1e76b

    • SHA1

      9d23b29c608390cc5aa66ba968f3203696176aaf

    • SHA256

      33fd96edf4244de4970fed53491111fba9e135723af773dfbf8f435637dd06ed

    • SHA512

      4d1e6a1558bc86c338bb4d101e9e712dd3ce30ac3b94053749f7fae4a53b7c646dc0795df9d8ee57bdba30886ecf509dc5f4d5ed4d38bc36136af04a80f8b8f5

    • SSDEEP

      768:FQ0c9BZCPEHUE0WkAE6jxnD85+6M3WUJ3U6yjViRjVmWD:+0gPCMHUaE6j1LAKUcdV/

    Score
    10/10
    evasionpersistencetrojan

    • UAC bypass

      evasiontrojan

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Impair Defenses

1
T1562

Disable or Modify Tools

1
T1562.001

Modify Registry

3
T1112

Credential Access

Discovery

Query Registry

1
T1012

Remote System Discovery

1
T1018

System Information Discovery

3
T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks