bdd89c26fd26a0baf92a21e6aafbc29d98c5dfae091c5de966ccc5855f9b454b | Triage

Sharing

General

Target

73a6c94086c2d8e464f4dd178dfdd3e0
Size

119KB
Sample

231226-q7k12sbfgq
MD5

73a6c94086c2d8e464f4dd178dfdd3e0
SHA1

0e91b40022ac78375fcf66751ee45794331a10e8
SHA256

bdd89c26fd26a0baf92a21e6aafbc29d98c5dfae091c5de966ccc5855f9b454b
SHA512

86c0d3feff43e6a0ba21feab25b19e238e06fc4f23ee6da2e03db4f1972f314e396994ac0378a9e01b554e55b1de4cdbf5208d37ce0a61ab2560664a9f71efa6
SSDEEP

3072:1rvYsJDoTbT+3r6iJiYHqYJGBWzcJvHJ:CjA6mzjJGBC4v

Score

10^/10

evasion trojan

Malware Config

Targets

- Target
  
  73a6c94086c2d8e464f4dd178dfdd3e0
- Size
  
  119KB
- MD5
  
  73a6c94086c2d8e464f4dd178dfdd3e0
- SHA1
  
  0e91b40022ac78375fcf66751ee45794331a10e8
- SHA256
  
  bdd89c26fd26a0baf92a21e6aafbc29d98c5dfae091c5de966ccc5855f9b454b
- SHA512
  
  86c0d3feff43e6a0ba21feab25b19e238e06fc4f23ee6da2e03db4f1972f314e396994ac0378a9e01b554e55b1de4cdbf5208d37ce0a61ab2560664a9f71efa6
- SSDEEP
  
  3072:1rvYsJDoTbT+3r6iJiYHqYJGBWzcJvHJ:CjA6mzjJGBC4v
Score

10^/10

evasion trojan
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Looks for VMWare Tools registry key
  evasion
- Deletes itself
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2