8216626036fdf57a5bdb426bef50a9ea1ef21bdbeb7da03313c8a3105a8fc162 | Triage

Sharing

General

Target

PanSage_@ABYSZ_TROJAN.exe
Size

11.5MB
Sample

241227-w7n1laxpdv
MD5

785f574ddadd7d9e754f66e9afeb8609
SHA1

d40142f8774726feb85020cf0d9d8bd8e40be3da
SHA256

8216626036fdf57a5bdb426bef50a9ea1ef21bdbeb7da03313c8a3105a8fc162
SHA512

74c5b7bf575b6d2521422af8d5ce6dc5bf437b5648ac2a3932cb65c42a66ba5f19e62e76ff5d62b9d66f322b134571cef30fe5c603ee727d3f638647ef85f721
SSDEEP

196608:KoFToauUxbAQvaNJm3AqowejuJDUX47dwdW0BBbnTWkYPy1hj4Trxu:JFZxy/m3poaUX47d47NB4c

Score

10^/10

discovery evasion pyinstaller trojan

Malware Config

Targets

- Target
  
  PanSage_@ABYSZ_TROJAN.exe
- Size
  
  11.5MB
- MD5
  
  785f574ddadd7d9e754f66e9afeb8609
- SHA1
  
  d40142f8774726feb85020cf0d9d8bd8e40be3da
- SHA256
  
  8216626036fdf57a5bdb426bef50a9ea1ef21bdbeb7da03313c8a3105a8fc162
- SHA512
  
  74c5b7bf575b6d2521422af8d5ce6dc5bf437b5648ac2a3932cb65c42a66ba5f19e62e76ff5d62b9d66f322b134571cef30fe5c603ee727d3f638647ef85f721
- SSDEEP
  
  196608:KoFToauUxbAQvaNJm3AqowejuJDUX47dwdW0BBbnTWkYPy1hj4Trxu:JFZxy/m3poaUX47d47NB4c
Score

10^/10

discovery evasion trojan
- UAC bypass
  evasion trojan
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryevasiontrojan