1403cb0e1cd8ac15b81091264cd0697e73040cf84e7a907ced2bcad3a92d7bc6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

zSQ6_KuaiVpn.exe.vir
Size

52.9MB
Sample

240714-qpg7favbkg
MD5

07d0a4878b79f794a0be337f39d072d3
SHA1

ef4880cb0078ab8fc93315178309941738cdb397
SHA256

1403cb0e1cd8ac15b81091264cd0697e73040cf84e7a907ced2bcad3a92d7bc6
SHA512

5922255857ce851df7ac046939d82da2cfeeec7093c305efa08f001c743a9dc78e7b2ae2fd4b6d20e451c4f6f3e4ccdc0e7545727d085af680d8a3d3a7af07ef
SSDEEP

786432:qhb0/Cb0/Cb0/Cb0/Cb0/Cb0/Cb0/yb0/Cb0/Cb0/Cb0/tNTxRzHh/wcHQRl0Ngu:GzzzzzzDzzzGpxRzHh/j4u+KCgY8

Score

10^/10

discovery evasion execution persistence privilege_escalation trojan

Malware Config

Targets

- Target
  
  zSQ6_KuaiVpn.exe.vir
- Size
  
  52.9MB
- MD5
  
  07d0a4878b79f794a0be337f39d072d3
- SHA1
  
  ef4880cb0078ab8fc93315178309941738cdb397
- SHA256
  
  1403cb0e1cd8ac15b81091264cd0697e73040cf84e7a907ced2bcad3a92d7bc6
- SHA512
  
  5922255857ce851df7ac046939d82da2cfeeec7093c305efa08f001c743a9dc78e7b2ae2fd4b6d20e451c4f6f3e4ccdc0e7545727d085af680d8a3d3a7af07ef
- SSDEEP
  
  786432:qhb0/Cb0/Cb0/Cb0/Cb0/Cb0/Cb0/yb0/Cb0/Cb0/Cb0/tNTxRzHh/wcHQRl0Ngu:GzzzzzzDzzzGpxRzHh/j4u+KCgY8
Score

10^/10

discovery evasion execution persistence privilege_escalation trojan
- UAC bypass
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionexecutionpersistenceprivilege_escalationtrojan

behavioral2

discoveryevasionexecutionpersistenceprivilege_escalationtrojan