68a2c42f5e5c03827b424e1429170d79ea0529987ec07f4a2b76ef109bb7a888 | Triage

Sharing

General

Target

PIG860624BF1GE1532.xml.exe
Size

1.6MB
Sample

240612-sylmbszera
MD5

70467670cda5878ec6d1670c4b395318
SHA1

d32331447127bdf0656cf23a8587847c4251542a
SHA256

68a2c42f5e5c03827b424e1429170d79ea0529987ec07f4a2b76ef109bb7a888
SHA512

3a697125924e824223e30b0d04c4d2da1b00196900629f96cb78683cf6a42cd4a73a98df94126710cf139a6ddff472a7129167c91f8d11e891c26191c58414a4
SSDEEP

12288:Yq9Kz9XYHoV3/f13l+qefXfgaB2dj1z+Bhb3p18LB/0zHm8o:YUK6IV3/deYaB2djw3pSB0zG3

Score

10^/10

evasion execution persistence trojan

Malware Config

Targets

- Target
  
  PIG860624BF1GE1532.xml.exe
- Size
  
  1.6MB
- MD5
  
  70467670cda5878ec6d1670c4b395318
- SHA1
  
  d32331447127bdf0656cf23a8587847c4251542a
- SHA256
  
  68a2c42f5e5c03827b424e1429170d79ea0529987ec07f4a2b76ef109bb7a888
- SHA512
  
  3a697125924e824223e30b0d04c4d2da1b00196900629f96cb78683cf6a42cd4a73a98df94126710cf139a6ddff472a7129167c91f8d11e891c26191c58414a4
- SSDEEP
  
  12288:Yq9Kz9XYHoV3/f13l+qefXfgaB2dj1z+Bhb3p18LB/0zHm8o:YUK6IV3/deYaB2djw3pSB0zG3
Score

10^/10

evasion execution persistence trojan
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionexecutionpersistencetrojan

behavioral2

evasionexecutiontrojan