Overview

overview

8

Static

static

1

VS.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    VS.exe

  • Size

    501.9MB

  • Sample

    230331-xswybsea4s

  • MD5

    8d2f3562833dbffd2fd130f52bcfe8c3

  • SHA1

    5e2cf3d9eb67b8da239266265cebb989423b50c2

  • SHA256

    d39f8f45f12d0654d1ec357e88e3b2794ec3ba3fa3a59fe8879debb67ef166d5

  • SHA512

    c11f5d80afffad7471535f411d2d3ac166cdd288837329a69d84d6c94beaa989cb48df886cafcd70d6505c969accb967a3aafbc8aedef7cfb9a39938935b5c26

  • SSDEEP

    12582912:ArDcJZsqAHssJfEHW9GhFDVpw7etV2dHPYERilv:UWt69Gh1VW7HuERuv

Score
8/10
discoveryevasion

Malware Config

Targets

    • Target

      VS.exe

    • Size

      501.9MB

    • MD5

      8d2f3562833dbffd2fd130f52bcfe8c3

    • SHA1

      5e2cf3d9eb67b8da239266265cebb989423b50c2

    • SHA256

      d39f8f45f12d0654d1ec357e88e3b2794ec3ba3fa3a59fe8879debb67ef166d5

    • SHA512

      c11f5d80afffad7471535f411d2d3ac166cdd288837329a69d84d6c94beaa989cb48df886cafcd70d6505c969accb967a3aafbc8aedef7cfb9a39938935b5c26

    • SSDEEP

      12582912:ArDcJZsqAHssJfEHW9GhFDVpw7etV2dHPYERilv:UWt69Gh1VW7HuERuv

    Score
    8/10
    discoveryevasion

    • Modifies Windows Firewall

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks