babcb0c8311a89a4c9fc4cebcb7d267fe51cfa5991e2058425a61a316db51f07 | Triage

Submit
Reports

Overview

overview

8

Static

static

Multi MS Teams.exe

windows10-2004-x64

8

Sharing

General

Target

Multi MS Teams.exe
Size

4.8MB
Sample

221003-ptq5gafff6
MD5

0d06f074b3abfe064bedaa0263dd33be
SHA1

643d17c2ecaf1b388ff5691edf922e5e2fcb061f
SHA256

babcb0c8311a89a4c9fc4cebcb7d267fe51cfa5991e2058425a61a316db51f07
SHA512

41b104ca73a197361e62151d1e6305dec9ffda67b56b3c069f3800b32b3bb54d4d56f68c2edda33fd1576a8f624ec2ddb3679eb7c715e6997e1bc4e078eb0ab0
SSDEEP

24576:iPyp4eiMomBl00w9wu3gJL4t7qDL2PfrR9ADpQ3x2v8MgVUt+Wbn0TpqCILgKagm:6yp1ibPrwirmpQ3x2v8MgVknq/lkmwi

Score

8^/10

microsoft discovery persistence phishing

Static task

static1

Behavioral task

behavioral1

Sample

Multi MS Teams.exe

Resource

win10v2004-20220901-en

microsoft discovery persistence phishing

windows10-2004-x64

20 signatures

300 seconds

Malware Config

Targets

- Target
  
  Multi MS Teams.exe
- Size
  
  4.8MB
- MD5
  
  0d06f074b3abfe064bedaa0263dd33be
- SHA1
  
  643d17c2ecaf1b388ff5691edf922e5e2fcb061f
- SHA256
  
  babcb0c8311a89a4c9fc4cebcb7d267fe51cfa5991e2058425a61a316db51f07
- SHA512
  
  41b104ca73a197361e62151d1e6305dec9ffda67b56b3c069f3800b32b3bb54d4d56f68c2edda33fd1576a8f624ec2ddb3679eb7c715e6997e1bc4e078eb0ab0
- SSDEEP
  
  24576:iPyp4eiMomBl00w9wu3gJL4t7qDL2PfrR9ADpQ3x2v8MgVUt+Wbn0TpqCILgKagm:6yp1ibPrwirmpQ3x2v8MgVknq/lkmwi
Score

8^/10

microsoft discovery persistence phishing
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

microsoftdiscoverypersistencephishing

© 2018-2024

Terms | Privacy