9d28f2b2cee98295c9164a009ad030bd1bd75e88aa2abd46ab0a0dd6b0731ff7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9d28f2b2cee98295c9164a009ad030bd1bd75e88aa2abd46ab0a0dd6b0731ff7
Size

410KB
Sample

221125-3nt6tsac4z
MD5

66d12273af945655807b92abf26a55b5
SHA1

789898c0e7aed7982d4d3d34462aa67b561f96db
SHA256

9d28f2b2cee98295c9164a009ad030bd1bd75e88aa2abd46ab0a0dd6b0731ff7
SHA512

13e2e288f70d0aaa4cb056472592052f6979a3ab885e22544e0d18c62e2e69ac469f5447a0671d4719a14dc429fc935bd51abcbc5f43fa62fa9510dbeec80ad7
SSDEEP

12288:aisBCWXPR17nZvwXCFZL67xeIikWm23yw73Yw7JprySjZ:ebnZOiZWlEzH73Yir5t

Score

9^/10

discovery evasion persistence

Malware Config

Targets

- Target
  
  bit_che_install.exe
- Size
  
  787KB
- MD5
  
  1b06e4f31743ce64a4db12c3a71ae098
- SHA1
  
  0c72561f6776f83aef89bb1c8b89f6464d4435b2
- SHA256
  
  50916cbaf2449a17b7989b978656882f977a52df7e8417989a0bfd31be81103b
- SHA512
  
  73c798c7a6c6ffe0e51d0d0e68aa2c5558b2f146201de43b565da84aa2bed0534ba3a0ea53053942b23163ae46fff52d82efc7995825fb0f3c785de019e95b44
- SSDEEP
  
  12288:lXHJGDA7urFN/5OfIP4iiZGJNCjcxn9dNN:9HoDAKrD/c+4nZ6NGcxn9dN
Score

9^/10

discovery evasion persistence
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
  evasion
- Enumerates VirtualBox registry keys
  evasion
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Software Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasionpersistence