eb27d4fc56e8a66e9fb47d0b73b752f963855ac169130d55a488709caa466bba | Triage

Sharing

General

Target

file
Size

1.1MB
Sample

240123-l8hvvshdfm
MD5

072932d63a4fdc222735e6f713a514ae
SHA1

cdb200e4c759600e4a83e450fbd67a7682526ea9
SHA256

eb27d4fc56e8a66e9fb47d0b73b752f963855ac169130d55a488709caa466bba
SHA512

c7512594cb7ee7d9d3b3f71ff8931441932473d25561d946f55aface0c704b01a4f7bbbc8fc53b30e1cf1be10030c91186988f0ba6183485037924bb83db8702
SSDEEP

24576:La5ou5FEgQHe/Hlh9dJs3duzm413cig9gUfHSA+U:EouPx/363duzm413cr9gUqZ

Score

10^/10

evasion trojan

Malware Config

Targets

- Target
  
  file
- Size
  
  1.1MB
- MD5
  
  072932d63a4fdc222735e6f713a514ae
- SHA1
  
  cdb200e4c759600e4a83e450fbd67a7682526ea9
- SHA256
  
  eb27d4fc56e8a66e9fb47d0b73b752f963855ac169130d55a488709caa466bba
- SHA512
  
  c7512594cb7ee7d9d3b3f71ff8931441932473d25561d946f55aface0c704b01a4f7bbbc8fc53b30e1cf1be10030c91186988f0ba6183485037924bb83db8702
- SSDEEP
  
  24576:La5ou5FEgQHe/Hlh9dJs3duzm413cig9gUfHSA+U:EouPx/363duzm413cr9gUqZ
Score

10^/10

evasion trojan
- Modifies security service
  evasion
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2