4e1663b571d65e76b431b1167aac3670a76ed0a8612972c6e3615cb4e32a1966 | Triage

Sharing

General

Target

75dd271f5ec4b5b321661e3de6a25331
Size

412KB
Sample

240126-adh2labahl
MD5

75dd271f5ec4b5b321661e3de6a25331
SHA1

eccf1c70ecb19c537ec5269863b998cc84acb4de
SHA256

4e1663b571d65e76b431b1167aac3670a76ed0a8612972c6e3615cb4e32a1966
SHA512

6f540edd92932cdc8a105be2741b33464836080f90e373bfe2e825b6dceac0915ffdc97404e9ce333185f8bdbc50dab0d1b22493c87e5180cc3aa584c4b850d7
SSDEEP

6144:ryOilt0zY2NpUy3bz6aDXLagSzDBRBBAYDm7V1/s1L4KKdAfwB+mikNPl11Pr3:eO2t0Mipf3SmXV8BHm7Va4vmwB+98/1D

Score

10^/10

evasion trojan

Malware Config

Targets

- Target
  
  75dd271f5ec4b5b321661e3de6a25331
- Size
  
  412KB
- MD5
  
  75dd271f5ec4b5b321661e3de6a25331
- SHA1
  
  eccf1c70ecb19c537ec5269863b998cc84acb4de
- SHA256
  
  4e1663b571d65e76b431b1167aac3670a76ed0a8612972c6e3615cb4e32a1966
- SHA512
  
  6f540edd92932cdc8a105be2741b33464836080f90e373bfe2e825b6dceac0915ffdc97404e9ce333185f8bdbc50dab0d1b22493c87e5180cc3aa584c4b850d7
- SSDEEP
  
  6144:ryOilt0zY2NpUy3bz6aDXLagSzDBRBBAYDm7V1/s1L4KKdAfwB+mikNPl11Pr3:eO2t0Mipf3SmXV8BHm7Va4vmwB+98/1D
Score

10^/10

evasion trojan
- UAC bypass
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2