6496e51689ac9e2d0337525658387bf772b065484a5f3f23c27d3b46ee4aab1e | Triage

Sharing

General

Target

Trojan-Proxy.Win32.Qukart.vih-6496e51689ac9e2d0337525658387bf772b065484a5f3f23c27d3b46ee4aab1e
Size

112KB
Sample

240229-lhlttsda77
MD5

c4f9e01ce24e300737584601ed82f75a
SHA1

6d9c8a75bb230bf2f0c2d5d4eabfad502fc7d1fe
SHA256

6496e51689ac9e2d0337525658387bf772b065484a5f3f23c27d3b46ee4aab1e
SHA512

05582bbd5b94884fa3ced7a66feb843cb3b24c78e30c204eedaa3b15d11b6a80937582e1c3998c36ab032217ad7412be6e8f232b048844eb678b67b7b3fda3ab
SSDEEP

3072:/l6+n87E5sBH0MQH2qC7ZQOlzSLUK6MwGsGnDc9o:E+nCH0MQWfdQOhwJ6MwGsw

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  Trojan-Proxy.Win32.Qukart.vih-6496e51689ac9e2d0337525658387bf772b065484a5f3f23c27d3b46ee4aab1e
- Size
  
  112KB
- MD5
  
  c4f9e01ce24e300737584601ed82f75a
- SHA1
  
  6d9c8a75bb230bf2f0c2d5d4eabfad502fc7d1fe
- SHA256
  
  6496e51689ac9e2d0337525658387bf772b065484a5f3f23c27d3b46ee4aab1e
- SHA512
  
  05582bbd5b94884fa3ced7a66feb843cb3b24c78e30c204eedaa3b15d11b6a80937582e1c3998c36ab032217ad7412be6e8f232b048844eb678b67b7b3fda3ab
- SSDEEP
  
  3072:/l6+n87E5sBH0MQH2qC7ZQOlzSLUK6MwGsGnDc9o:E+nCH0MQWfdQOhwJ6MwGsw
Score

10^/10

persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2