a06cde0c4240c9cb0da4b2cd36b2e9c116cd19aab6724a088484f4dc95a87aaf | Triage

Submit
Reports

Overview

overview

Static

static

a06cde0c42...af.exe

windows7-x64

a06cde0c42...af.exe

windows10-2004-x64

Sharing

General

Target

a06cde0c4240c9cb0da4b2cd36b2e9c116cd19aab6724a088484f4dc95a87aaf
Size

160KB
Sample

221002-h3sakaddf3
MD5

43e5f86f81586d8d6c1b4fac4b6b4cd0
SHA1

c6940a2c2817359ab1a0b7ea560be3c0f97a72dc
SHA256

a06cde0c4240c9cb0da4b2cd36b2e9c116cd19aab6724a088484f4dc95a87aaf
SHA512

ace1b9deafa47bab4b7209ba4d9b214ecd5a054d0df1760fce5691cfa922e9a7513f2b1cca0de0b807261511a6bf0e36927ba5bbb773549b1812d0d38b63f6ee
SSDEEP

3072:TGrNIkMzZwveK8ss81GITFJ/G4bSGXO7QD56i:qrNrMzKeRIhzG4mG+MD59

Score

10^/10

evasion persistence

Static task

static1

Behavioral task

behavioral1

Sample

a06cde0c4240c9cb0da4b2cd36b2e9c116cd19aab6724a088484f4dc95a87aaf.exe

Resource

win7-20220901-en

evasion persistence

windows7-x64

22 signatures

150 seconds

Behavioral task

behavioral2

Sample

a06cde0c4240c9cb0da4b2cd36b2e9c116cd19aab6724a088484f4dc95a87aaf.exe

Resource

win10v2004-20220901-en

evasion persistence

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Targets

- Target
  
  a06cde0c4240c9cb0da4b2cd36b2e9c116cd19aab6724a088484f4dc95a87aaf
- Size
  
  160KB
- MD5
  
  43e5f86f81586d8d6c1b4fac4b6b4cd0
- SHA1
  
  c6940a2c2817359ab1a0b7ea560be3c0f97a72dc
- SHA256
  
  a06cde0c4240c9cb0da4b2cd36b2e9c116cd19aab6724a088484f4dc95a87aaf
- SHA512
  
  ace1b9deafa47bab4b7209ba4d9b214ecd5a054d0df1760fce5691cfa922e9a7513f2b1cca0de0b807261511a6bf0e36927ba5bbb773549b1812d0d38b63f6ee
- SSDEEP
  
  3072:TGrNIkMzZwveK8ss81GITFJ/G4bSGXO7QD56i:qrNrMzKeRIhzG4mG+MD59
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies system executable filetype association
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Disables use of System Restore points
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence

© 2018-2024

Terms | Privacy