9cf1fac3b70c572fa6c3edbfe16561bef310e94cd8381df18853c2a8ac9eacab | Triage

Sharing

General

Target

387fb39b1e45d8e23fb0c9b84f3550df
Size

505KB
Sample

231231-q1t1daegaj
MD5

387fb39b1e45d8e23fb0c9b84f3550df
SHA1

029a77ff2776be153ea1bb9aae4b02b60f203c45
SHA256

9cf1fac3b70c572fa6c3edbfe16561bef310e94cd8381df18853c2a8ac9eacab
SHA512

2e9ccbf64cf7695c0aa02f6d275e061d2b83773496206370ef31a9980ddf2630c0c49e67b291f95f915a07c8a09bb0f6524a630b5738654bf127bcbadbc31bb5
SSDEEP

12288:KobvC4sI+7XdsuoISKvSI2wS7Ww6ox4BsHHoPOtkK:TbvCDnhsuozhI2wAWwsB1OtkK

Score

6^/10

evasion trojan

Malware Config

Targets

- Target
  
  Auto Update/AutoUpdateKeyCF..exe
- Size
  
  76KB
- MD5
  
  d5d80ac141c10772b9645976525f0d37
- SHA1
  
  1c85b17fd4e232821a4035bd86ae7707517d8c6a
- SHA256
  
  19428625463b63707af5e08df87a716c9a21f3c4745d14e9c35417e05f74a567
- SHA512
  
  3a22e0bcec2557053392e2d8ec132e10017fda89aca85f4be117be0b27291ff058a3da9d6cbabead6c1e01beecaf55d3b4462d57161ce19cb28722832ca8f1c8
- SSDEEP
  
  1536:+bAAVcwBYbf5jhR8gIC6hKy0KYnyJpEosnMxA3mE:CAALBYRP8dhKnkpbsi6
Score

6^/10
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2
- Target
  
  Huong dan su dung KeyCFModz 1096.url
- Size
  
  216B
- MD5
  
  d24df0934116f07412e51960c9e0e51d
- SHA1
  
  a1d3fc086882710f8d2627a95cd420dd04c72c79
- SHA256
  
  8dab18f214f06dbbefb7c0c5c79d2e711b3e5810c7e66b23075d83a4051f1e50
- SHA512
  
  72ddd45f29b1b6dbc3501a010606bbfaa5eb6bf995248aafd121dc6743c48aaa11f853667a4f3395a8e1e0d9ea5b81505d2cfab1058a7e99778bd65cff262a26
Score

1^/10
behavioral3 behavioral4
- Target
  
  KEYCF-FIX For CF Russia.exe
- Size
  
  64KB
- MD5
  
  d4afc8e700c744d5792d6f5cfd7005da
- SHA1
  
  4c1ccb7d55b1e398e438993e6d38bb612665aa10
- SHA256
  
  051fcad21e4f6cd49e5e9ced8ace1e0325b652629d22feeb89e5b3e61914eaf0
- SHA512
  
  f2518581c67b60cbaa141a6fe25cda1543d8e92c33b09b075d6ca3c4ac2eac91e5ff1ce403d890dde8cf4082ea4f2a6a4bfe508d71232fa1fefd91d870fccacd
- SSDEEP
  
  1536:iI1wMqZP+8m894wWS6xxgaHt4L3Q4ts1iiY:itP6SO2yGLgNY
Score

1^/10
behavioral5 behavioral6
- Target
  
  TrumGame.Net.url
- Size
  
  119B
- MD5
  
  f76d5962d102e26a2f6449467b9169d2
- SHA1
  
  4b17bcfa6a4abcd43faf184df20b7ea0f02ae053
- SHA256
  
  cf880694d402b3e545f61a09ff0541fcd649b07d46cc9ca07622a7416473135f
- SHA512
  
  360058355a0f3d77e64bd497d48daf44fa9664fa66a0e7b52827ab0b89f086a49efde4b1f487e2d52314ec9e8e18310954c5b110e3e71f50d74084039a08c081
Score

6^/10

evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral7 behavioral8
- Target
  
  keycf 7.6.exe
- Size
  
  220KB
- MD5
  
  5cf8fffa9a0f80056f8eef509befa7c2
- SHA1
  
  03981c41f689439f7a8aeb238438d13d916fe3d8
- SHA256
  
  a54fe64dc9c5995899ddbeb181f3a5e28156d4ba41ba564ef038629f70fb4d14
- SHA512
  
  b1141b04be7deaf55f0ab68d338aae15b94780df21cc28d41c6ff1dbeb2dd7dcd2a35a4fcd25bf3d6af65fc593c8c2a65f56ef6e36d9aeb6fc3154ec714df883
- SSDEEP
  
  3072:LqFGOQ/Ap8Qt8sYCy1eB3jBKMxE7VJwoRcxgip349oMbwYTDpCxj/SBsBnavTbh:LqA/+8mYngB3jBsVKoRVMMjfp6jpnav
Score

5^/10
- Drops file in System32 directory
behavioral10 behavioral9
- Target
  
  keycf.dll
- Size
  
  204KB
- MD5
  
  29dbe94291be71a89545c7b3c5d3f79c
- SHA1
  
  dea86ab08bf114eae47a4c091c0dba4cd199010f
- SHA256
  
  1d09895873f8d4d2b5ea018c2d42a1384dfe0c5b4c8d914e37733bb64e35bc65
- SHA512
  
  4ed9824e72d9479d2a5cf1c865a4e92e8cf73e60a8d87950ded2b41e26c93811a3c2880c3bf07c0dc007af9fe43673ef0f399d5c9c9b16ec85f8a2f02095ec9a
- SSDEEP
  
  3072:D3unGHHVNpTLKQTwk/2M8rmDSH3ubVExighVQp+/FmUGoBR+LTRjmUmc57Qi:D1HHBnHL2MKxHsVinVQp+/Fcaefe
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12