1bed372c2eac53075a040d6f2aae22659e0e0fee2ce21835dd95e3c580cc1e05 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

setup_Ir5s...wK.exe

windows7-x64

8

setup_Ir5s...wK.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

setup_Ir5swQ5DpeRNwxXBTQuvwewK.exe.v
Size

116.4MB
Sample

241015-e9nzyazakq
MD5

d164724461b25eb363a1a31d3333cc65
SHA1

6c1192a6e79fbc1b9c5d415fa98567d87be0b2c9
SHA256

1bed372c2eac53075a040d6f2aae22659e0e0fee2ce21835dd95e3c580cc1e05
SHA512

bdb591a44e49cddb56e130b67d4c1f202b362cb64e53ba0608a1408863147f9953d57f17cdafdd5946061318f0825e950dd690f92ace8b88d582a94ad8452548
SSDEEP

3145728:jLH+5LLf4eHgCo6iYPR0vGQNb5ZdqIUhEb0TsT8SO5i:fe5XHggiYPGvDh7dqx2b0T1SO5i

Score

8^/10

discovery evasion execution persistence privilege_escalation trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

setup_Ir5swQ5DpeRNwxXBTQuvwewK.exe

Resource

win7-20240903-en

discovery evasion execution persistence privilege_escalation trojan

windows7-x64

32 signatures

150 seconds

Behavioral task

behavioral2

Sample

setup_Ir5swQ5DpeRNwxXBTQuvwewK.exe

Resource

win10v2004-20241007-en

discovery evasion execution persistence privilege_escalation trojan

windows10-2004-x64

31 signatures

150 seconds

Malware Config

Targets

- Target
  
  setup_Ir5swQ5DpeRNwxXBTQuvwewK.exe.v
- Size
  
  116.4MB
- MD5
  
  d164724461b25eb363a1a31d3333cc65
- SHA1
  
  6c1192a6e79fbc1b9c5d415fa98567d87be0b2c9
- SHA256
  
  1bed372c2eac53075a040d6f2aae22659e0e0fee2ce21835dd95e3c580cc1e05
- SHA512
  
  bdb591a44e49cddb56e130b67d4c1f202b362cb64e53ba0608a1408863147f9953d57f17cdafdd5946061318f0825e950dd690f92ace8b88d582a94ad8452548
- SSDEEP
  
  3145728:jLH+5LLf4eHgCo6iYPR0vGQNb5ZdqIUhEb0TsT8SO5i:fe5XHggiYPGvDh7dqx2b0T1SO5i
Score

8^/10

discovery evasion execution persistence privilege_escalation trojan
- Drops file in Drivers directory
- Server Software Component: Terminal Services DLL
  persistence
- Stops running service(s)
  evasion execution
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Component Object Model Hijacking

Server Software Component

Terminal Services DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Impair Defenses

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Time Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

discoveryevasionexecutionpersistenceprivilege_escalationtrojan

behavioral2

discoveryevasionexecutionpersistenceprivilege_escalationtrojan

© 2018-2025

Terms | Privacy