baa773e9140f77772a2b692a9665d92cc72944a8d28ba295fcf9ac1c1157d526 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3c13e0d8b87c2f70475154afb30935d0N
Size

89KB
Sample

240912-kgw3qszcmc
MD5

3c13e0d8b87c2f70475154afb30935d0
SHA1

e365851aebc12fbe39e0dfc8530643643c17eb8d
SHA256

baa773e9140f77772a2b692a9665d92cc72944a8d28ba295fcf9ac1c1157d526
SHA512

ffdb0bbc7adcceeb6521347bfd68f7ac0c9e27f7aabee31daede23bf7db068023a88f0f0fc2c65ee9d4f7acaca72894b318d30b8566f077f90e335bb5aba9015
SSDEEP

384:scUSGGJjIDeE84r1Wn+LalQoH/k1/HHYyE0fbGf+3B9jTUiJFnh:sYXEBxHpu0f4+x9cizh

Score

10^/10

discovery evasion execution trojan

Malware Config

Targets

- Target
  
  3c13e0d8b87c2f70475154afb30935d0N
- Size
  
  89KB
- MD5
  
  3c13e0d8b87c2f70475154afb30935d0
- SHA1
  
  e365851aebc12fbe39e0dfc8530643643c17eb8d
- SHA256
  
  baa773e9140f77772a2b692a9665d92cc72944a8d28ba295fcf9ac1c1157d526
- SHA512
  
  ffdb0bbc7adcceeb6521347bfd68f7ac0c9e27f7aabee31daede23bf7db068023a88f0f0fc2c65ee9d4f7acaca72894b318d30b8566f077f90e335bb5aba9015
- SSDEEP
  
  384:scUSGGJjIDeE84r1Wn+LalQoH/k1/HHYyE0fbGf+3B9jTUiJFnh:sYXEBxHpu0f4+x9cizh
Score

10^/10

discovery evasion execution trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionexecutiontrojan

behavioral2

discoveryevasionexecutiontrojan