e3f2f0455958438009b8d81269e59b8ba52de86d6be364b219eaaf462f7e5083 | Triage

Sharing

General

Target

leagueoflengends.exe
Size

5.3MB
Sample

240526-xx5e9sgg8t
MD5

d8e29a483b0e939daa8620fa9551f229
SHA1

3272efc1e60fb6e65295b94530e0f72ec05e9b21
SHA256

e3f2f0455958438009b8d81269e59b8ba52de86d6be364b219eaaf462f7e5083
SHA512

62cc4fb9cc93adfe76e0e176c9687c0c3a3ca42629f3a1172e4dcab95eff85f7b4d235e19612ce1bef2ba6429a60160b88a4240583221b90c4269dd2515b0e6e
SSDEEP

98304:3nzruErKIDTGpzoLLJ3TbwaVvrZE0IdeyoFQK15W8ASLmbNYJERw1jrTH+1DE8IY:3nzruEeIm9onJ5hrZEReyiU8AdZYJERD

Score

10^/10

evasion pyinstaller trojan

Malware Config

Targets

- Target
  
  leagueoflengends.exe
- Size
  
  5.3MB
- MD5
  
  d8e29a483b0e939daa8620fa9551f229
- SHA1
  
  3272efc1e60fb6e65295b94530e0f72ec05e9b21
- SHA256
  
  e3f2f0455958438009b8d81269e59b8ba52de86d6be364b219eaaf462f7e5083
- SHA512
  
  62cc4fb9cc93adfe76e0e176c9687c0c3a3ca42629f3a1172e4dcab95eff85f7b4d235e19612ce1bef2ba6429a60160b88a4240583221b90c4269dd2515b0e6e
- SSDEEP
  
  98304:3nzruErKIDTGpzoLLJ3TbwaVvrZE0IdeyoFQK15W8ASLmbNYJERw1jrTH+1DE8IY:3nzruEeIm9onJ5hrZEReyiU8AdZYJERD
Score

10^/10

evasion trojan
- UAC bypass
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2