d532124d1c4d7450fdd56c40c453566d2e12e03c9b6776605f36f831633f89f7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d532124d1c4d7450fdd56c40c453566d2e12e03c9b6776605f36f831633f89f7N
Size

343KB
Sample

240928-vtqftszcrg
MD5

f3bea5333efe7f8645cb4ff4bfd76d80
SHA1

d2d46d59da538e4b48b07be405be3f82f26cd097
SHA256

d532124d1c4d7450fdd56c40c453566d2e12e03c9b6776605f36f831633f89f7
SHA512

29080f4bc07b7c84c4d8796b0aa5919700e65ad7beb1fdd7fe4b89e18e51762925e5380cc840aed70b673c96c5a85edf8f9801186811cb48285934bb018d8b53
SSDEEP

6144:vWI9bjDLpaPqHJ3XC/oYPgYB1Hv12nnPxFSMuQ9n0nufGL4eVT5jTvctZBKk90yw:vW2KqFy/o+FuPP7nsPL4eX3wXKz

Score

8^/10

discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  d532124d1c4d7450fdd56c40c453566d2e12e03c9b6776605f36f831633f89f7N
- Size
  
  343KB
- MD5
  
  f3bea5333efe7f8645cb4ff4bfd76d80
- SHA1
  
  d2d46d59da538e4b48b07be405be3f82f26cd097
- SHA256
  
  d532124d1c4d7450fdd56c40c453566d2e12e03c9b6776605f36f831633f89f7
- SHA512
  
  29080f4bc07b7c84c4d8796b0aa5919700e65ad7beb1fdd7fe4b89e18e51762925e5380cc840aed70b673c96c5a85edf8f9801186811cb48285934bb018d8b53
- SSDEEP
  
  6144:vWI9bjDLpaPqHJ3XC/oYPgYB1Hv12nnPxFSMuQ9n0nufGL4eVT5jTvctZBKk90yw:vW2KqFy/o+FuPP7nsPL4eX3wXKz
Score

8^/10

discovery evasion persistence trojan
- Adds policy Run key to start application
  persistence
- Drops file in Drivers directory
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojan

behavioral2

discoveryevasionpersistencetrojan