848e06f23f480d0f35bb7bf332d768212e49e3ef0c32f64853d8a8517efaf672 | Triage

Sharing

General

Target

848e06f23f480d0f35bb7bf332d768212e49e3ef0c32f64853d8a8517efaf672
Size

191KB
Sample

240409-1e49bscc74
MD5

99f7628359a0c8275fac1fa81bf1902d
SHA1

8ac1dcdc47b541685956ab9ab8f34111b83181a4
SHA256

848e06f23f480d0f35bb7bf332d768212e49e3ef0c32f64853d8a8517efaf672
SHA512

98f6d7a2688b18c8b96fe9601bce2de5438fbe332801e21cc96a1afbb15664280adf8eff077244404906fe37d5452bb872b5d6053108baf0dd4efb3b2d5bad8f
SSDEEP

3072:u3cH8YRh/rjU6vl+WJbI0nU7xBvdcH8YRh/rjU6vl+WJbI0nU7x0fy:u3cc+t+N/dcc+t+NI

Score

10^/10

evasion trojan

Malware Config

Targets

- Target
  
  848e06f23f480d0f35bb7bf332d768212e49e3ef0c32f64853d8a8517efaf672
- Size
  
  191KB
- MD5
  
  99f7628359a0c8275fac1fa81bf1902d
- SHA1
  
  8ac1dcdc47b541685956ab9ab8f34111b83181a4
- SHA256
  
  848e06f23f480d0f35bb7bf332d768212e49e3ef0c32f64853d8a8517efaf672
- SHA512
  
  98f6d7a2688b18c8b96fe9601bce2de5438fbe332801e21cc96a1afbb15664280adf8eff077244404906fe37d5452bb872b5d6053108baf0dd4efb3b2d5bad8f
- SSDEEP
  
  3072:u3cH8YRh/rjU6vl+WJbI0nU7xBvdcH8YRh/rjU6vl+WJbI0nU7x0fy:u3cc+t+N/dcc+t+NI
Score

10^/10

evasion trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Modifies security service
  evasion
- UAC bypass
  evasion trojan
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

BITS Jobs

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

BITS Jobs

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2