132182c49f1c93153f53775d0e452bf8661f79a9f1aa67aca130b98564473095 | Triage

Sharing

General

Target

c4ee35570016e7219fc0b3fc9175a75b
Size

72KB
Sample

240313-epy96scd3z
MD5

c4ee35570016e7219fc0b3fc9175a75b
SHA1

6b947a182e2f50438227b904fa808a7b21bf14fc
SHA256

132182c49f1c93153f53775d0e452bf8661f79a9f1aa67aca130b98564473095
SHA512

71dd013c7d3e8473a98a61cbbe0359d9f5b7d7405c3db68315d659cc217b682c372ec7c61bbe34f77421e63c184535fc888636fcde7cc61a40af60a1f37eb038
SSDEEP

1536:XySP3Mn7TvOTUKTNl3shkgDJyQw/dRSm5KpGpX+3ige06+VYrr:CWg7TvrxkgDJg1R75eOAe0Burr

Score

10^/10

evasion trojan

Malware Config

Targets

- Target
  
  c4ee35570016e7219fc0b3fc9175a75b
- Size
  
  72KB
- MD5
  
  c4ee35570016e7219fc0b3fc9175a75b
- SHA1
  
  6b947a182e2f50438227b904fa808a7b21bf14fc
- SHA256
  
  132182c49f1c93153f53775d0e452bf8661f79a9f1aa67aca130b98564473095
- SHA512
  
  71dd013c7d3e8473a98a61cbbe0359d9f5b7d7405c3db68315d659cc217b682c372ec7c61bbe34f77421e63c184535fc888636fcde7cc61a40af60a1f37eb038
- SSDEEP
  
  1536:XySP3Mn7TvOTUKTNl3shkgDJyQw/dRSm5KpGpX+3ige06+VYrr:CWg7TvrxkgDJg1R75eOAe0Burr
Score

10^/10

evasion trojan
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Looks for VMWare Tools registry key
  evasion
- Deletes itself
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2