8cece70bbfdfe1792ec9e1c3be822369aaee57680ea0bc78bd8dc37d07e43fc0 | Triage

Sharing

General

Target

CATALOG LIST‮s᠎x᠎l᠎x᠎..exe
Size

616KB
Sample

240314-h535vafh33
MD5

4390e4862c4906c8a2f35366ba4066d9
SHA1

4688330403611320e6d37dbc54e2327e47b2fe0e
SHA256

8cece70bbfdfe1792ec9e1c3be822369aaee57680ea0bc78bd8dc37d07e43fc0
SHA512

882faa9f80c507b9cb8d2e595893f78dc7a72e1b74c951a3a19d1db6d6682b3b544f74902b946c1a4e6f807cb8c54192366cce5eb360f79ba55da99b940c7d75
SSDEEP

12288:ofiw8MkxswcXKC2zNWfm2YRm5sm2YRm5hkxswcXKC2zNW:gD8MZX9uWfm2Yysm2YyhZX9uW

Score

10^/10

evasion trojan

Malware Config

Targets

- Target
  
  CATALOG LIST‮s᠎x᠎l᠎x᠎..exe
- Size
  
  616KB
- MD5
  
  4390e4862c4906c8a2f35366ba4066d9
- SHA1
  
  4688330403611320e6d37dbc54e2327e47b2fe0e
- SHA256
  
  8cece70bbfdfe1792ec9e1c3be822369aaee57680ea0bc78bd8dc37d07e43fc0
- SHA512
  
  882faa9f80c507b9cb8d2e595893f78dc7a72e1b74c951a3a19d1db6d6682b3b544f74902b946c1a4e6f807cb8c54192366cce5eb360f79ba55da99b940c7d75
- SSDEEP
  
  12288:ofiw8MkxswcXKC2zNWfm2YRm5sm2YRm5hkxswcXKC2zNW:gD8MZX9uWfm2Yysm2YyhZX9uW
Score

10^/10

evasion trojan
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2