20c0e8522d9e6fe9d45784826521416b657baeefd6c3dde33d7526a8dc7fff2b | Triage

Resubmissions

12/04/2024, 15:05

240412-sgj26see2v 10

12/04/2024, 15:05

240412-sggl2see2s 10

12/04/2024, 15:05

240412-sgf1hsbe23 10

12/04/2024, 15:05

240412-sgbqssbd99 10

12/04/2024, 15:05

240412-sga49sbd98 10

09/04/2024, 07:59

240409-jvg1asab26 10

09/04/2024, 07:59

240409-jvgdrsdd5w 10

09/04/2024, 07:59

240409-jvfr8sdd5v 10

09/04/2024, 07:59

240409-jvfggadd5t 10

19/01/2024, 20:24

240119-y6y6aadfb5 10

Sharing

General

Target

tmp
Size

5.9MB
Sample

240412-sggl2see2s
MD5

bbe98cc2bf5ce0c0bb4fb74370e2af68
SHA1

6a363ce866e541105642c2b35e048998e2dfdfea
SHA256

20c0e8522d9e6fe9d45784826521416b657baeefd6c3dde33d7526a8dc7fff2b
SHA512

900b23e8095ff64fc7d8b5d169204733410734046d0be059e60fe88be32c09e578ac94bdb466f4eba8565d78685aec499cbbfcb1332f6d90626bbb999690b762
SSDEEP

98304:lIIuKCEdO96Xkmby531xv91EZJ9XARo00k3NPedyEhyeSDwlqGuLpnKriRkS8KRn:lTO96bby5jv91SFVkoyEhyeSuuLpyfjm

Score

10^/10

discovery evasion trojan

Malware Config

Targets

- Target
  
  tmp
- Size
  
  5.9MB
- MD5
  
  bbe98cc2bf5ce0c0bb4fb74370e2af68
- SHA1
  
  6a363ce866e541105642c2b35e048998e2dfdfea
- SHA256
  
  20c0e8522d9e6fe9d45784826521416b657baeefd6c3dde33d7526a8dc7fff2b
- SHA512
  
  900b23e8095ff64fc7d8b5d169204733410734046d0be059e60fe88be32c09e578ac94bdb466f4eba8565d78685aec499cbbfcb1332f6d90626bbb999690b762
- SSDEEP
  
  98304:lIIuKCEdO96Xkmby531xv91EZJ9XARo00k3NPedyEhyeSDwlqGuLpnKriRkS8KRn:lTO96bby5jv91SFVkoyEhyeSuuLpyfjm
Score

10^/10

discovery evasion trojan
- Modifies security service
  evasion
- Contacts a large (680) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Network Service Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasiontrojan

behavioral2

discoveryevasiontrojan

behavioral3

behavioral4