62d55d68add8fdf3d36b014156d1acaac219facb19ccf244f098e5824509fc3e | Triage

Sharing

General

Target

Seven.zip
Size

1.1MB
Sample

240427-vtflmadb66
MD5

0debce271b9c0bb4bc575812dbb46ee2
SHA1

58e5d43fa36e1c9da3e5377f2f447f17d07a5527
SHA256

62d55d68add8fdf3d36b014156d1acaac219facb19ccf244f098e5824509fc3e
SHA512

b7884ea84d9965250f674669bf731cd1795e374b5a77a7bd2d4f328a894a64faae8c119585fb6583d9562c42b9cb99d984b1da90ec7b5c2de927ea0abefd3579
SSDEEP

24576:CBnX3D7uDMa3oiB5atjWvUq13RlMWduVNlqjwBnogPz67S:C5X3Fa3xEjaUq1rduVDqMzH

Score

10^/10

evasion trojan

Malware Config

Targets

- Target
  
  Seven.dll
- Size
  
  1.0MB
- MD5
  
  ef5402fefa4760111f2c60d290d488c5
- SHA1
  
  bdba28ab436a10731b69d1d7e3dea06f80e11d28
- SHA256
  
  01650c6ab1cfc88e9efd0a83a3d491d878016444ad9d19cce1495c89a71dafa2
- SHA512
  
  b467605ed56cbacf6d598f7a83998968e390b462f5bb516d4949d18f5087eaf68f32f09fbca472353653bf5fb2b20ba01f349219dab25928e95f009f7b6d7708
- SSDEEP
  
  24576:NAiJR2R0ir5AtzWTKqj37lOWdALLd4dOPjuy:52R3mziKqt1dALh44
Score

1^/10
behavioral1
- Target
  
  Seven.exe
- Size
  
  139KB
- MD5
  
  6503f847c3281ff85b304fc674b62580
- SHA1
  
  947536e0741c085f37557b7328b067ef97cb1a61
- SHA256
  
  afd7657f941024ef69ca34d1e61e640c5523b19b0fad4dcb1c9f1b01a6fa166f
- SHA512
  
  abc3b32a1cd7d0a60dd7354a9fcdff0bc37ec8a20bb2a8258353716d820f62d343c6ba9385ba893be0cca981bbb9ab4e189ccfeee6dd77cc0dc723e975532174
- SSDEEP
  
  3072:miS4omp03WQthI/9S3BZi08iRQ1G78IVn27bSfcJd8lto:miS4ompB9S3BZi0a1G78IVhcTct
Score

10^/10

evasion trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- UAC bypass
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2