b14edd2a57b7056dbdc61b3e637b1b1045d29c8defed8e85cbea68479bd4951e | Triage

Sharing

General

Target

FISHAO installer.zip
Size

28.0MB
Sample

230130-scsthsag74
MD5

65d7b90c40ec820baef9a97ce9f5f2de
SHA1

3e3e25e38b7c7f01a93378ce24e452aea9186197
SHA256

b14edd2a57b7056dbdc61b3e637b1b1045d29c8defed8e85cbea68479bd4951e
SHA512

19c0008fb08a7e1db337d34810f26e0554f3849cb166dee584fb4a224d86deb9586c650b18a571ec519058a013104194c48cf9a56a73a65d8d27551f71aa1d66
SSDEEP

786432:ijQND56HSR8kPVBzauDbBUiEgacKQ7vMsp6Sc:ST6BDzdEgvKgVO

Score

8^/10

discovery evasion exploit persistence

Malware Config

Targets

- Target
  
  FISHAO installer.zip
- Size
  
  28.0MB
- MD5
  
  65d7b90c40ec820baef9a97ce9f5f2de
- SHA1
  
  3e3e25e38b7c7f01a93378ce24e452aea9186197
- SHA256
  
  b14edd2a57b7056dbdc61b3e637b1b1045d29c8defed8e85cbea68479bd4951e
- SHA512
  
  19c0008fb08a7e1db337d34810f26e0554f3849cb166dee584fb4a224d86deb9586c650b18a571ec519058a013104194c48cf9a56a73a65d8d27551f71aa1d66
- SSDEEP
  
  786432:ijQND56HSR8kPVBzauDbBUiEgacKQ7vMsp6Sc:ST6BDzdEgvKgVO
Score

1^/10
behavioral1 behavioral2
- Target
  
  FISHAO installer.exe
- Size
  
  28.6MB
- MD5
  
  79562ee512959d484a4be5fd89849246
- SHA1
  
  8381a02fab4e1fc8d7cb555d0afb143b30f39faf
- SHA256
  
  d2d7d15568fbfac8356140cc1a2e985a73b174ab0f2cd644976b632405f03030
- SHA512
  
  da5c4a33c843938da7c5985f6b75285afc49f17a9d6695c9987033730af5d226053ea021fc2e381d78be684ef95aca3d5c603f558eb4c6b31c656f80949e8a18
- SSDEEP
  
  786432:N15nhIpsF4wpJPpSGRXpaOyOuUsETNkyBy6h:N+I9fpvyOZs4vP
Score

8^/10

discovery evasion exploit persistence
- Executes dropped EXE
- Possible privilege escalation attempt
  exploit
- Registers COM server for autorun
  persistence
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Modifies file permissions
  discovery
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Modify Existing Service

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Impair Defenses

File Permissions Modification

Modify Registry

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

discoveryevasionexploitpersistence