f4438cf27a37b3bf6be7e04cce6bc45e63eed86c95871142d35e3d27c036feef | Triage

Sharing

General

Target

c6d7b92886b5c6151b0328e2e7be0aca
Size

61KB
Sample

240313-zr7pjsgf7v
MD5

c6d7b92886b5c6151b0328e2e7be0aca
SHA1

f1d55d78b77ca248baedbc4367cc067d6899a096
SHA256

f4438cf27a37b3bf6be7e04cce6bc45e63eed86c95871142d35e3d27c036feef
SHA512

44b65cb6dcc699450432cb09f244b5989620e574933b9f3ee2e39505459f29cae15203cf5c63cf78f59c20c40eb5071027b8e1bafc31b8597713f37f3c267608
SSDEEP

1536:erj+8ZkVYa0tMId2MzdOTunQF+wyoCYNUOIyAFXZ/E9dzB4:ef+wkVYa+5/AanQVtYyAZZ/8dF4

Score

10^/10

evasion trojan

Malware Config

Targets

- Target
  
  c6d7b92886b5c6151b0328e2e7be0aca
- Size
  
  61KB
- MD5
  
  c6d7b92886b5c6151b0328e2e7be0aca
- SHA1
  
  f1d55d78b77ca248baedbc4367cc067d6899a096
- SHA256
  
  f4438cf27a37b3bf6be7e04cce6bc45e63eed86c95871142d35e3d27c036feef
- SHA512
  
  44b65cb6dcc699450432cb09f244b5989620e574933b9f3ee2e39505459f29cae15203cf5c63cf78f59c20c40eb5071027b8e1bafc31b8597713f37f3c267608
- SSDEEP
  
  1536:erj+8ZkVYa0tMId2MzdOTunQF+wyoCYNUOIyAFXZ/E9dzB4:ef+wkVYa+5/AanQVtYyAZZ/8dF4
Score

10^/10

evasion trojan
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Looks for VMWare Tools registry key
  evasion
- Deletes itself
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2