3f8f3a8fd4ee2f1a9c8874a9f3e90d9d5a05169f3fd7da9dc5311685d68d9f74 | Triage

Sharing

General

Target

29fa128fdb68c4dd258f88f907dc865a
Size

64KB
Sample

231231-f5f9zadegp
MD5

29fa128fdb68c4dd258f88f907dc865a
SHA1

c1e130c2b973aba2a187ccd8e473829a0eddad8b
SHA256

3f8f3a8fd4ee2f1a9c8874a9f3e90d9d5a05169f3fd7da9dc5311685d68d9f74
SHA512

063045f6dc6bf5a4cf3099aa20215d44bb4d3895de73c0b07a56ce00423024422d4302615b33536c7d36cf61093622c622d6715e4dab60f03b1d0594c284df9c
SSDEEP

1536:HxTDTC+THDx7XNIXAKAGMYf7NoPFSlj2:RTDTXTjxz2XAUf7N

Score

10^/10

evasion trojan

Malware Config

Targets

- Target
  
  29fa128fdb68c4dd258f88f907dc865a
- Size
  
  64KB
- MD5
  
  29fa128fdb68c4dd258f88f907dc865a
- SHA1
  
  c1e130c2b973aba2a187ccd8e473829a0eddad8b
- SHA256
  
  3f8f3a8fd4ee2f1a9c8874a9f3e90d9d5a05169f3fd7da9dc5311685d68d9f74
- SHA512
  
  063045f6dc6bf5a4cf3099aa20215d44bb4d3895de73c0b07a56ce00423024422d4302615b33536c7d36cf61093622c622d6715e4dab60f03b1d0594c284df9c
- SSDEEP
  
  1536:HxTDTC+THDx7XNIXAKAGMYf7NoPFSlj2:RTDTXTjxz2XAUf7N
Score

10^/10

evasion trojan
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Looks for VMWare Tools registry key
  evasion
- Deletes itself
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2