466a54d0b40dae3da963f52da4b2e993deca81ee39a2bb4b6d41582e5feff5e3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

MalwareBazaar.2
Size

1.3MB
Sample

240711-m42ylswcqa
MD5

ccc431f7f61f9aeec3cab9f01352214e
SHA1

11d0637469bafcdca12f5591457f2c5e4ca1af56
SHA256

466a54d0b40dae3da963f52da4b2e993deca81ee39a2bb4b6d41582e5feff5e3
SHA512

e57c280f57b5aa72362b502c963179470efd6114ac5ee52cff59cc8cca83e5d453e27e55e2495e00ce2549b322dad2920cb75e13edd43fa35033ea2f9813b6a9
SSDEEP

12288:HNLn2J8+XJ3HPoYo07jsMZa3EOAqC7WT0ltDQFSbBL1uccKslJy:tLnsZAz0vZ9hw0ffZqlJy

Score

10^/10

evasion execution persistence trojan

Malware Config

Targets

- Target
  
  MalwareBazaar.2
- Size
  
  1.3MB
- MD5
  
  ccc431f7f61f9aeec3cab9f01352214e
- SHA1
  
  11d0637469bafcdca12f5591457f2c5e4ca1af56
- SHA256
  
  466a54d0b40dae3da963f52da4b2e993deca81ee39a2bb4b6d41582e5feff5e3
- SHA512
  
  e57c280f57b5aa72362b502c963179470efd6114ac5ee52cff59cc8cca83e5d453e27e55e2495e00ce2549b322dad2920cb75e13edd43fa35033ea2f9813b6a9
- SSDEEP
  
  12288:HNLn2J8+XJ3HPoYo07jsMZa3EOAqC7WT0ltDQFSbBL1uccKslJy:tLnsZAz0vZ9hw0ffZqlJy
Score

10^/10

evasion execution persistence trojan
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scripting

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionexecutionpersistencetrojan

behavioral2

evasionexecutiontrojan