a2afda47f4169023bca3c730a48e58d6c40e84236b959a871e883ded3304d5fb | Triage

Submit
Reports

Overview

overview

Static

static

AECOM Gene...on.exe

windows7_x64

AECOM Gene...on.exe

windows10_x64

3

Sharing

General

Target

AECOM General Presentation.exe
Size

313KB
Sample

200629-m7vn6849he
MD5

7fa2d91fa5382248b2731acc75f003a0
SHA1

7576165f1ce2d81ac9963b72e74e28c9934e3a04
SHA256

a2afda47f4169023bca3c730a48e58d6c40e84236b959a871e883ded3304d5fb
SHA512

09c2d3d216ca967238029bb617bb006879050492de0bf20a46a5dc071dd0eaa4eb863180c9fc938f4fcbc79fa900dcb154ae600ac6e091c6e2b3c92965ef0024

Score

10^/10

evasion persistence spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

AECOM General Presentation.exe

Resource

win7

evasion trojan persistence spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

AECOM General Presentation.exe

Resource

win10v200430

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  AECOM General Presentation.exe
- Size
  
  313KB
- MD5
  
  7fa2d91fa5382248b2731acc75f003a0
- SHA1
  
  7576165f1ce2d81ac9963b72e74e28c9934e3a04
- SHA256
  
  a2afda47f4169023bca3c730a48e58d6c40e84236b959a871e883ded3304d5fb
- SHA512
  
  09c2d3d216ca967238029bb617bb006879050492de0bf20a46a5dc071dd0eaa4eb863180c9fc938f4fcbc79fa900dcb154ae600ac6e091c6e2b3c92965ef0024
Score

10^/10

evasion trojan persistence spyware
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Looks for VirtualBox Guest Additions in registry
- Adds Run entry to policy start application
  persistence
- Looks for VMWare Tools registry key
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run entry to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Bypass User Account Control

Scheduled Task

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasiontrojanpersistencespyware

behavioral2

© 2018-2024

Terms | Privacy