8e9b7e89c3712e3d49aceadfcfe66754855eb966f7c197c2a2b8aefd67a2ea35 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fa3bce9edaa881657ab820aff942e6a0
Size

1.3MB
Sample

231228-1le8saafam
MD5

fa3bce9edaa881657ab820aff942e6a0
SHA1

6c8b99021d07b41cb72ed5838550f6401824c092
SHA256

8e9b7e89c3712e3d49aceadfcfe66754855eb966f7c197c2a2b8aefd67a2ea35
SHA512

e163768f8e2e096e8228b84d2a44468e0094766aec873f6e3b8b5f61a7ca7348f9d2cc8ffd43bdafc7139b5e72d93558327745e123a5fa54503b1be0682d4d82
SSDEEP

24576:DAvZ6LLdb1gUw+Z9j8WPsUaWR4hP04EbM5LCndUl5e0P0/F4XQ:DOy7giZBsRWR4h8tWC+C0PiiXQ

Score

7^/10

evasion trojan

Malware Config

Targets

- Target
  
  fa3bce9edaa881657ab820aff942e6a0
- Size
  
  1.3MB
- MD5
  
  fa3bce9edaa881657ab820aff942e6a0
- SHA1
  
  6c8b99021d07b41cb72ed5838550f6401824c092
- SHA256
  
  8e9b7e89c3712e3d49aceadfcfe66754855eb966f7c197c2a2b8aefd67a2ea35
- SHA512
  
  e163768f8e2e096e8228b84d2a44468e0094766aec873f6e3b8b5f61a7ca7348f9d2cc8ffd43bdafc7139b5e72d93558327745e123a5fa54503b1be0682d4d82
- SSDEEP
  
  24576:DAvZ6LLdb1gUw+Z9j8WPsUaWR4hP04EbM5LCndUl5e0P0/F4XQ:DOy7giZBsRWR4h8tWC+C0PiiXQ
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  TNod.1.5.0vFinal/TNOD-1.5.0-Final..Portable/Insert License with the maximum expiration date.bat
- Size
  
  18B
- MD5
  
  452f02eb5bc11b433adcf750545f6b72
- SHA1
  
  d3db28b42280f0a1fbb4d5c86d845880bfd7b275
- SHA256
  
  2dab6d90428afd5c7f9ce5076c9fa217d7188af8c90862d34cf4f2dea7bbb80a
- SHA512
  
  797815d64b3e41944fca16570ab4e0fdfebb34eaf00aed66709a37c58748d65b52b37dcae8da0c453f254549504d67b17c07ba17cf5043e595a7bf53a54b75a1
Score

6^/10
- Checks for any installed AV software in registry
behavioral3 behavioral4
- Target
  
  TNod.1.5.0vFinal/TNOD-1.5.0-Final..Portable/Licenses Downloader.bat
- Size
  
  15B
- MD5
  
  2060959d7978be0a2cc0a742cc268076
- SHA1
  
  45200dc2ea6923b29446e5349c12d38f0099bbcd
- SHA256
  
  4575638933633c12e6dc8473162937c7e03b64bb9d213b8d8ddd0cb109cfa21a
- SHA512
  
  5f683e80f981aae17d483d37ac33f4fc8d3c640bbc087c1a1245569fb6557e4f9f1efe65cf7b88ab80edd9531369deb24e0de3ad499f462a0fa0d8dc4b4bd9ed
Score

6^/10
- Checks for any installed AV software in registry
behavioral5 behavioral6
- Target
  
  TNod.1.5.0vFinal/TNOD-1.5.0-Final..Portable/Recover data of current License.bat
- Size
  
  15B
- MD5
  
  a2145aff75b641ff66210d238daeacdb
- SHA1
  
  95dcbf9bdea87df5020533bf4890d19931e3da66
- SHA256
  
  85338c0d6bc77f7cbaef000f0797fcddb1ba525d6ee41e18e3c686a64e704928
- SHA512
  
  725ba61b1b60707d92b44b5e2741095ccea8658ea12a7df250c814846df0f3945e3aa66db066a21269f3fbca19be7d0d6adbc45b02dd2ce6b6fc2d95cedca026
Score

6^/10
- Checks for any installed AV software in registry
behavioral7 behavioral8
- Target
  
  TNod.1.5.0vFinal/TNOD-1.5.0-Final..Portable/TNODUP.exe
- Size
  
  1.7MB
- MD5
  
  e268c7c2716e33f91dd988e38d2973fd
- SHA1
  
  4873f9cf77296d601844bc292b3d7a6644272163
- SHA256
  
  f83589f99374767795a49da0f66a3f95d827d742d4e0e339548aa0e1b9d026c9
- SHA512
  
  708f649978d15ddcc89d595a2c176e220885b6dc02831ed6fd0d5e5de05f1b02dba24db2570708c26b8c0874dfeca809f8aef7f6fba2285dad8ad3a7eb76d4f2
- SSDEEP
  
  24576:T3/gv02pnBxOWaa9MleLhZivrIxf5579QBOXd//WjOCJTrp:W/QIxB992OtnWRTN
Score

6^/10
- Checks for any installed AV software in registry
behavioral10 behavioral9
- Target
  
  TNod.1.5.0vFinal/TNOD-1.5.0-Final..Portable/config.bat
- Size
  
  15B
- MD5
  
  4c396f70f16724f145ab1140efa83cf0
- SHA1
  
  e4afacc00be2c6abff17c0a72175383a2b9efaa8
- SHA256
  
  998f65dd33ec6f81079ea24da77f73ddbb117f7cbdc4e6498f9712675c00f585
- SHA512
  
  c1f9d3cd7a7f1853fea14237d8e8f5d87a698595b1590af22012083494f9681f6a8d03d2082937bd92157323b8ff586ec93dbe628860d9182554b4f4471d2597
Score

6^/10
- Checks for any installed AV software in registry
behavioral11 behavioral12
- Target
  
  TNod.1.5.0vFinal/TNod-1.4.0-Final.Setup/TNod-1.4.0.15-setup.exe
- Size
  
  738KB
- MD5
  
  8733c89f832c5e011934b72685a34153
- SHA1
  
  d9258906c84abd12731d9536cb12ccb46c77443e
- SHA256
  
  86ee53c7d42f9187b734d69bdcde0869932b85992e5fa635ecf0040a933acc96
- SHA512
  
  031c4347ef188a8cca66e24dbfa99b7ac2dbb68b52236802be505e14550f1c3dea799e1cd18ef562319e0406003037013bfc399ebaf1f48fbbcbd0a03cdfa0e1
- SSDEEP
  
  12288:w6K34mzYmZR+ObML+KHF+TVZYWpG7qU+xvaaV5nV+CDTFYoGmd/kc1aWIylCIuNk:3oTzYmD+9L3HFmVZYW4eUOai5VzuofdX
Score

7^/10
- Loads dropped DLL
behavioral13 behavioral14
- Target
  
  TNod.1.5.0vFinal/leeme.url
- Size
  
  113B
- MD5
  
  6cd522afdc25fa1aa68f521b3d277fde
- SHA1
  
  686eb4c5aa8d36a71bab206117047f62b6903c2b
- SHA256
  
  bc4942c49f720a31952029767d05af3f0d77fee6fa3595e4681fe95a2c912ab6
- SHA512
  
  167e65ef58893ac87d6991b078b0486fd7868170e5f3dda358100bb784acb40e20d9a770cff30cf0fea6310896005bb3781f0b2916cbad98a0bc39922dfe4b72
Score

6^/10

evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Software Discovery

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16