6e8cbe871f203f579f3e63fcf4808624670bc0197ce46d51b0a0cb60725488c7 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

EAappInsta...1).exe

windows7-x64

8

EAappInsta...1).exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

EAappInstaller (1).exe
Size

1.4MB
Sample

240814-v8gr8svcnc
MD5

05c4db31b12e08e6e47853f93766ba29
SHA1

db03027e9f7c8a5bb283dc659d50844529d2e952
SHA256

6e8cbe871f203f579f3e63fcf4808624670bc0197ce46d51b0a0cb60725488c7
SHA512

f3e85397a2b5b7fa641e6d130f61db0d332215f0c77594399644691991d9a17ec7532e485cf88aed215259a9052a68e5b8fe02b0c5f32a292f1fa246ffd4c242
SSDEEP

24576:RNsfiTdYSuVzZH9tH1v1cIP7YqZN5dvDrtrGYdTjAngDumdXfTmi:VT2pZ1R7YqZ7drrtr9TMgpdXCi

Score

8^/10

discovery evasion trojan

Static task

static1

Behavioral task

behavioral1

Sample

EAappInstaller (1).exe

Resource

win7-20240705-en

discovery evasion trojan

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

EAappInstaller (1).exe

Resource

win10v2004-20240802-en

discovery evasion trojan

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  EAappInstaller (1).exe
- Size
  
  1.4MB
- MD5
  
  05c4db31b12e08e6e47853f93766ba29
- SHA1
  
  db03027e9f7c8a5bb283dc659d50844529d2e952
- SHA256
  
  6e8cbe871f203f579f3e63fcf4808624670bc0197ce46d51b0a0cb60725488c7
- SHA512
  
  f3e85397a2b5b7fa641e6d130f61db0d332215f0c77594399644691991d9a17ec7532e485cf88aed215259a9052a68e5b8fe02b0c5f32a292f1fa246ffd4c242
- SSDEEP
  
  24576:RNsfiTdYSuVzZH9tH1v1cIP7YqZN5dvDrtrGYdTjAngDumdXfTmi:VT2pZ1R7YqZ7drrtr9TMgpdXCi
Score

8^/10

discovery evasion trojan
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasiontrojan

behavioral2

discoveryevasiontrojan

© 2018-2025

Terms | Privacy