0636e840df82e493d9a8e8bf1a0e4de3374c517e24537dd5670c838c00ead68e | Triage

Sharing

General

Target

8b87773a8a67d96f0660f3655640489c
Size

555KB
Sample

240203-garynaacf5
MD5

8b87773a8a67d96f0660f3655640489c
SHA1

15982074ff55408404939eb295686a42a055384a
SHA256

0636e840df82e493d9a8e8bf1a0e4de3374c517e24537dd5670c838c00ead68e
SHA512

d04b886dfe2d55891ef6f45b557dc99ca35d1317826d31002b5eda2d48295d730454ff1d144704ac09321dee2d9b75842d8f97403c5fb857d612efe7e481d37a
SSDEEP

12288:IzxzTDWikLSb4NS7t2X+t40XJ+fhSSbx6XiGSZhTwuTUg:+DWHSb4Nc0q+ZSQ6BawuTUg

Score

10^/10

evasion trojan

Malware Config

Targets

- Target
  
  8b87773a8a67d96f0660f3655640489c
- Size
  
  555KB
- MD5
  
  8b87773a8a67d96f0660f3655640489c
- SHA1
  
  15982074ff55408404939eb295686a42a055384a
- SHA256
  
  0636e840df82e493d9a8e8bf1a0e4de3374c517e24537dd5670c838c00ead68e
- SHA512
  
  d04b886dfe2d55891ef6f45b557dc99ca35d1317826d31002b5eda2d48295d730454ff1d144704ac09321dee2d9b75842d8f97403c5fb857d612efe7e481d37a
- SSDEEP
  
  12288:IzxzTDWikLSb4NS7t2X+t40XJ+fhSSbx6XiGSZhTwuTUg:+DWHSb4Nc0q+ZSQ6BawuTUg
Score

10^/10

evasion trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2