8b8d53cffef85118daf38a0c82a357b255bab792de3db85a76557c06b7af9398 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

win64_152824.exe
Size

125.7MB
Sample

230305-lc1e2agb73
MD5

cfefbca234a6a5e768f24bb4e8d48d81
SHA1

788ed2d229fe51b7e8553fcca775849e0c95c8d4
SHA256

8b8d53cffef85118daf38a0c82a357b255bab792de3db85a76557c06b7af9398
SHA512

89124028c7676d649da1d0032381db0d7ee398b15a39f18be7c2b8ea107d94aacba67b949b500d6597af86d6fa2cb021d5b7a5d78c1751d6cec5f1b777d8df6b
SSDEEP

3145728:um3qLzNRCO6wWNpYY5atH5iuhXtCrSIaM8NYSFlf5vxEUNqylMsl2tcj:6ltW/YY4tHLltC5SBOUNbX

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  win64_152824.exe
- Size
  
  125.7MB
- MD5
  
  cfefbca234a6a5e768f24bb4e8d48d81
- SHA1
  
  788ed2d229fe51b7e8553fcca775849e0c95c8d4
- SHA256
  
  8b8d53cffef85118daf38a0c82a357b255bab792de3db85a76557c06b7af9398
- SHA512
  
  89124028c7676d649da1d0032381db0d7ee398b15a39f18be7c2b8ea107d94aacba67b949b500d6597af86d6fa2cb021d5b7a5d78c1751d6cec5f1b777d8df6b
- SSDEEP
  
  3145728:um3qLzNRCO6wWNpYY5atH5iuhXtCrSIaM8NYSFlf5vxEUNqylMsl2tcj:6ltW/YY4tHLltC5SBOUNbX
Score

7^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2