0ae3e11fe86ef6d1921c701bf0cd9ea38d49e8af06e0291f876ecc577bcf27c7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NDP481-DevPack-ENU.exe
Size

98.7MB
Sample

240319-syhwfaga81
MD5

86c93d8f6332522bfae283aea3c68faf
SHA1

7a9dd2fef081d88fb7c361e34666b0beeaf80701
SHA256

0ae3e11fe86ef6d1921c701bf0cd9ea38d49e8af06e0291f876ecc577bcf27c7
SHA512

20b22b4c149fec8b8fcc3d3d119613b3b2545ccdd442b5d7f9e6998a1360da59ae74e65979c98caf9d420cd739426ea7981ae3f4476a5630ad373cced7a9497b
SSDEEP

1572864:1P3noT42ve3tXwzEpflkytiFGtCjn8qbjDBWe5ybkAs98mvTGXco26lLz2g:WT42AwzxyOGtCj8qDTybkXOmvqRpF

Score

7^/10

discovery evasion trojan

Malware Config

Targets

- Target
  
  NDP481-DevPack-ENU.exe
- Size
  
  98.7MB
- MD5
  
  86c93d8f6332522bfae283aea3c68faf
- SHA1
  
  7a9dd2fef081d88fb7c361e34666b0beeaf80701
- SHA256
  
  0ae3e11fe86ef6d1921c701bf0cd9ea38d49e8af06e0291f876ecc577bcf27c7
- SHA512
  
  20b22b4c149fec8b8fcc3d3d119613b3b2545ccdd442b5d7f9e6998a1360da59ae74e65979c98caf9d420cd739426ea7981ae3f4476a5630ad373cced7a9497b
- SSDEEP
  
  1572864:1P3noT42ve3tXwzEpflkytiFGtCjn8qbjDBWe5ybkAs98mvTGXco26lLz2g:WT42AwzxyOGtCj8qDTybkXOmvqRpF
Score

7^/10

discovery evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasiontrojan