1a1e3a0b0686f59de0490f807a903fdaac1a30830c4c9ff811f78803099e3cda | Triage

Submit
Reports

Overview

overview

8

Static

static

3

1a1e3a0b06...da.exe

windows7-x64

8

1a1e3a0b06...da.exe

windows10-2004-x64

8

Sharing

General

Target

1a1e3a0b0686f59de0490f807a903fdaac1a30830c4c9ff811f78803099e3cda
Size

6.3MB
Sample

240427-h8nvbsed61
MD5

77e5d4a48db29ec3cdaece22605ff86a
SHA1

1ed15b2db9c08b47819f0348216b5d1b66bdd1d0
SHA256

1a1e3a0b0686f59de0490f807a903fdaac1a30830c4c9ff811f78803099e3cda
SHA512

b10e704877e7622583e47215fd77604ff83ba27fdd313f6c1dcb5e0b786c92daf885192c2be3e93f46f9fcf9394625105a89272b1b06c0b90f3385b0a0dd9c63
SSDEEP

98304:VjD5WMGDmjYRfp399zM1wHLhTHI+uSMD9qOgVdcw8GZDm97TemXlyGgYIUj:VjDbGDmju399mwrhTI+uxwRmhTxyGaC

Score

8^/10

discovery evasion persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1a1e3a0b0686f59de0490f807a903fdaac1a30830c4c9ff811f78803099e3cda.exe

Resource

win7-20231129-en

discovery evasion persistence trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

1a1e3a0b0686f59de0490f807a903fdaac1a30830c4c9ff811f78803099e3cda.exe

Resource

win10v2004-20240419-en

discovery persistence

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  1a1e3a0b0686f59de0490f807a903fdaac1a30830c4c9ff811f78803099e3cda
- Size
  
  6.3MB
- MD5
  
  77e5d4a48db29ec3cdaece22605ff86a
- SHA1
  
  1ed15b2db9c08b47819f0348216b5d1b66bdd1d0
- SHA256
  
  1a1e3a0b0686f59de0490f807a903fdaac1a30830c4c9ff811f78803099e3cda
- SHA512
  
  b10e704877e7622583e47215fd77604ff83ba27fdd313f6c1dcb5e0b786c92daf885192c2be3e93f46f9fcf9394625105a89272b1b06c0b90f3385b0a0dd9c63
- SSDEEP
  
  98304:VjD5WMGDmjYRfp399zM1wHLhTHI+uSMD9qOgVdcw8GZDm97TemXlyGgYIUj:VjDbGDmju399mwrhTI+uxwRmhTxyGaC
Score

8^/10

discovery evasion persistence trojan
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discoveryevasionpersistencetrojan

behavioral2

discoverypersistence

© 2018-2024

Terms | Privacy