5a82edc7ddaba16d5f8fc6f5b89b4a74407e219ee41953497928a0654a7ad568 | Triage

Submit
Reports

Overview

overview

Static

static

5

5a82edc7dd...68.exe

windows7-x64

5a82edc7dd...68.exe

windows10-2004-x64

Sharing

General

Target

5a82edc7ddaba16d5f8fc6f5b89b4a74407e219ee41953497928a0654a7ad568
Size

1.1MB
Sample

221129-gsf9wafd31
MD5

dd5a580c6f3b8a648abf18a16130ceb9
SHA1

0911830abe67a1a00f9bb27991bdfae4b3648a3e
SHA256

5a82edc7ddaba16d5f8fc6f5b89b4a74407e219ee41953497928a0654a7ad568
SHA512

0943bc2182c749b1f80682e8f33e068b428d52e9bfb4dfe76178da5a71b865f1a7ea838d1f2384b205c1bc8d3805b4c4349663c1502be64873717d68918b36c5
SSDEEP

6144:g/8JeJfEuGs8k/bUlgqjpJDHCq17WSTLp980sbpy3KR/ie5bBb2Y+Ns:NJeJfEuGstgg/kjp98zHpie5tos

Score

10^/10

evasion persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5a82edc7ddaba16d5f8fc6f5b89b4a74407e219ee41953497928a0654a7ad568.exe

Resource

win7-20220812-en

evasion persistence

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

5a82edc7ddaba16d5f8fc6f5b89b4a74407e219ee41953497928a0654a7ad568.exe

Resource

win10v2004-20221111-en

evasion persistence

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  5a82edc7ddaba16d5f8fc6f5b89b4a74407e219ee41953497928a0654a7ad568
- Size
  
  1.1MB
- MD5
  
  dd5a580c6f3b8a648abf18a16130ceb9
- SHA1
  
  0911830abe67a1a00f9bb27991bdfae4b3648a3e
- SHA256
  
  5a82edc7ddaba16d5f8fc6f5b89b4a74407e219ee41953497928a0654a7ad568
- SHA512
  
  0943bc2182c749b1f80682e8f33e068b428d52e9bfb4dfe76178da5a71b865f1a7ea838d1f2384b205c1bc8d3805b4c4349663c1502be64873717d68918b36c5
- SSDEEP
  
  6144:g/8JeJfEuGs8k/bUlgqjpJDHCq17WSTLp980sbpy3KR/ie5bBb2Y+Ns:NJeJfEuGstgg/kjp98zHpie5tos
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence

© 2018-2024

Terms | Privacy