c65279379fdbfeb0df93dcbc34389aa4fa763cafeeedda5396ede0ccb01e3ff3 | Triage

Submit
Reports

Overview

overview

Static

static

3

c65279379f...f3.exe

windows7-x64

c65279379f...f3.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

c65279379fdbfeb0df93dcbc34389aa4fa763cafeeedda5396ede0ccb01e3ff3
Size

4.3MB
Sample

240806-cy7lss1bnc
MD5

809d73f0080dd3194309ec2e30c21bfb
SHA1

495196e140b5f5edcc4fc6911590930b6c484431
SHA256

c65279379fdbfeb0df93dcbc34389aa4fa763cafeeedda5396ede0ccb01e3ff3
SHA512

9bc809f240bf5ca75e4fa37d505457d906d4ac7cad5d8d10da4834657a484ae0f7a26fd3c5700edb92f4450fb59f2350d16b75aeac87304948a355d955a18a89
SSDEEP

98304:7Taxbr2I7ETD+kjKdWMDMl65QSdefgwsMpCwJVejcoPjr:7YGGEBkDKSooPMpChnPjr

Score

10^/10

discovery evasion persistence privilege_escalation trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c65279379fdbfeb0df93dcbc34389aa4fa763cafeeedda5396ede0ccb01e3ff3.exe

Resource

win7-20240704-en

discovery evasion persistence privilege_escalation trojan

windows7-x64

24 signatures

150 seconds

Behavioral task

behavioral2

Sample

c65279379fdbfeb0df93dcbc34389aa4fa763cafeeedda5396ede0ccb01e3ff3.exe

Resource

win10v2004-20240802-en

discovery evasion persistence privilege_escalation

windows10-2004-x64

23 signatures

150 seconds

Malware Config

Targets

- Target
  
  c65279379fdbfeb0df93dcbc34389aa4fa763cafeeedda5396ede0ccb01e3ff3
- Size
  
  4.3MB
- MD5
  
  809d73f0080dd3194309ec2e30c21bfb
- SHA1
  
  495196e140b5f5edcc4fc6911590930b6c484431
- SHA256
  
  c65279379fdbfeb0df93dcbc34389aa4fa763cafeeedda5396ede0ccb01e3ff3
- SHA512
  
  9bc809f240bf5ca75e4fa37d505457d906d4ac7cad5d8d10da4834657a484ae0f7a26fd3c5700edb92f4450fb59f2350d16b75aeac87304948a355d955a18a89
- SSDEEP
  
  98304:7Taxbr2I7ETD+kjKdWMDMl65QSdefgwsMpCwJVejcoPjr:7YGGEBkDKSooPMpChnPjr
Score

10^/10

discovery evasion persistence privilege_escalation trojan
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Component Object Model Hijacking

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Component Object Model Hijacking

Scheduled Task/Job

Scheduled Task

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

discoveryevasionpersistenceprivilege_escalation

© 2018-2025

Terms | Privacy