7f86693073367afd6e304c2146bae8bdebf2806dc464c9bc394c96ad1ac8360a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1c64eefc7a32213929b652e85c0f557c
Size

96KB
Sample

231230-zveg6sbbb5
MD5

1c64eefc7a32213929b652e85c0f557c
SHA1

e6491d2143fd9b30555eaf0e0cf314bc730907d7
SHA256

7f86693073367afd6e304c2146bae8bdebf2806dc464c9bc394c96ad1ac8360a
SHA512

27f65e3100c79c850e5b1182551daa87467fe09715354e399cb6142777ae66c8aaf7b10478021229770c18e2623af1442818eb73ccf7ac3a35a139a4b42005fe
SSDEEP

1536:e2V20XYBjJEd7+aDMNcHNMc6RqIbaXtZwXoErFnB5myN/N8L6surO0EE4:e2VdX7pD9NMBbaXA1rFnfmylN8L6sur4

Score

10^/10

evasion trojan

Malware Config

Targets

- Target
  
  1c64eefc7a32213929b652e85c0f557c
- Size
  
  96KB
- MD5
  
  1c64eefc7a32213929b652e85c0f557c
- SHA1
  
  e6491d2143fd9b30555eaf0e0cf314bc730907d7
- SHA256
  
  7f86693073367afd6e304c2146bae8bdebf2806dc464c9bc394c96ad1ac8360a
- SHA512
  
  27f65e3100c79c850e5b1182551daa87467fe09715354e399cb6142777ae66c8aaf7b10478021229770c18e2623af1442818eb73ccf7ac3a35a139a4b42005fe
- SSDEEP
  
  1536:e2V20XYBjJEd7+aDMNcHNMc6RqIbaXtZwXoErFnB5myN/N8L6surO0EE4:e2VdX7pD9NMBbaXA1rFnfmylN8L6sur4
Score

10^/10

evasion trojan
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Looks for VMWare Tools registry key
  evasion
- Deletes itself
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2