950a5c5455b3d7a4ee27ff5bc7cea2ade2d507770a3cc15106018bfedae9ca52 | Triage

Resubmissions

05-07-2024 15:43

240705-s54fqatcng 10

05-07-2024 12:00

240705-n6l6lszhng 10

Sharing

General

Target

ORDEN DE COMPRA URGENTE‮f؜d؜p؜..exe
Size

2.4MB
Sample

240705-n6l6lszhng
MD5

fea126096e142649211027c6edbb9832
SHA1

e5e259235d3d77065918b3c4c369f9d74f1868d7
SHA256

950a5c5455b3d7a4ee27ff5bc7cea2ade2d507770a3cc15106018bfedae9ca52
SHA512

1f50c406c59fa74b95d97596a04b2cc132ede28bbe00c306aaa1bd3056942713f99aa5e5cf93022d652abb2fcacf7d6e24feec4e572a9aaff64368d1b0d28293
SSDEEP

12288:SSR2wX/utnvc69mP51M1nkPpVys8b5V29HxJu5YF9Iv3dosUg7JZtY:SSHuRc69mP/M5kmL/aHxJZIv3W42

Score

10^/10

evasion execution persistence trojan

Malware Config

Targets

- Target
  
  ORDEN DE COMPRA URGENTE‮f؜d؜p؜..exe
- Size
  
  2.4MB
- MD5
  
  fea126096e142649211027c6edbb9832
- SHA1
  
  e5e259235d3d77065918b3c4c369f9d74f1868d7
- SHA256
  
  950a5c5455b3d7a4ee27ff5bc7cea2ade2d507770a3cc15106018bfedae9ca52
- SHA512
  
  1f50c406c59fa74b95d97596a04b2cc132ede28bbe00c306aaa1bd3056942713f99aa5e5cf93022d652abb2fcacf7d6e24feec4e572a9aaff64368d1b0d28293
- SSDEEP
  
  12288:SSR2wX/utnvc69mP51M1nkPpVys8b5V29HxJu5YF9Iv3dosUg7JZtY:SSHuRc69mP/M5kmL/aHxJZIv3W42
Score

10^/10

evasion execution persistence trojan
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionexecutionpersistencetrojan

behavioral2

evasionexecutionpersistencetrojan