ta505 | 06374fa62644dd185010c3dc9fd03c7ee0448a54a34ac2d6ba2eb54bb2fff6c4 | Triage

Sharing

General

Target

8631519101.zip
Size

9.7MB
Sample

230109-nflr6aea33
MD5

6d1b69b17e105c9558902f403ec49742
SHA1

1d12cbaf6807a413515cc618788eb7bd5b4bf250
SHA256

06374fa62644dd185010c3dc9fd03c7ee0448a54a34ac2d6ba2eb54bb2fff6c4
SHA512

ac1beba86328595cdfe34a299725a1f52d2345b76530c5a31a92972e10d433c366ae5ca5ce3bb68e0283635e37e7a15d7652e198eb8704df4b05552b5960dd9f
SSDEEP

196608:lx3WzcSTSMeY1Qc33P0kXj/tBsUFpuTgWbO0TP2F73eYRyX:lx3Wzv2OP0EWUSgSNTwb3a

Score

10^/10

ta505

Malware Config

Targets

- Target
  
  e4edb4cc8f35c7bab6e89774a279593d492714fce9865e53879f87d3704ad96c
- Size
  
  11.0MB
- MD5
  
  c4e9e9a06001c6197de2ea2fec3d2214
- SHA1
  
  369006350f6b4c43c7f51a90deb5e73a20156b55
- SHA256
  
  e4edb4cc8f35c7bab6e89774a279593d492714fce9865e53879f87d3704ad96c
- SHA512
  
  00008fd26c3047afbbc73fc19d20700861e9501b1c9509b7abcfd218a814a2b0aa24fa934338942aee809ca53240b539e77f6d91013cae0eee076282e4047156
- SSDEEP
  
  196608:6e9dQDU9N3glGcBo/6xDD7yLEY2sNd0nOn1q1eUD9p8b3lWG7uCMkCA:N8g91gGcBD7yLfmz1rGYG6CMi
Score

10^/10

ta505
- TA505
  Cybercrime group active since 2015, responsible for families like Dridex and Locky.
  ta505
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2