General

Target: f705ac114767397fb5e7cd1603e70954.zip
Size: 947KB
Sample: 230403-aqpd5sdb6w
MD5: 1c18bd70d7d2c482d09e4328ebad0ea6
SHA1: 51f906d225df7bd9b85a4ed99f48c94ddb931428
SHA256: 4a02d610ab81e5a1861407c729775d15859b5c77e4e2894b230285b95155d020
SHA512: 26bb219939b8b48af66ede485eb522b2d22a094aa48c996ceda17244977b514a759250cdf627de6cb4eebb1bcff2ad9c868f2c710278b04974e1a83e66ce2c04
SSDEEP: 24576:sv+KuewubKqd2AAC3tKwvQ54IlqysEQJURvytUzg0:sVuLpqkBCdtQmIIBHURP5
Static task: static1

Behavioral task: behavioral1
Sample: config.reg
Resource: win10v2004-20230220-en

Behavioral task: behavioral2
Sample: importantUpdate.bat
Resource: win10v2004-20230220-en
Malware Config

Targets
Target: config.reg
Size: 16.4MB
MD5: f705ac114767397fb5e7cd1603e70954
SHA1: 256eb7bc8eb06baf17dd9cb99d11a68caea0d8e9
SHA256: 97d7fc21caf2e830076d8d880bdfe906fae5a4925e6c1012087b764a75989089
SHA512: b086bbd7b14e2cc60107aa8bfdf102fe0f7c81d2dab22937361362b52edd0ac33b3b841c25d0af84e36f7f6330d1bcf1a5ab17b3eac4076a37f1b46a26129999
SSDEEP: 12288:7mo9FVn0sQZR9IOKHFqCAn0IEUhrDRB6G+tl5vwKMq7e41u:fKS3hlUhrDRB6G4wKMq2
Score: 10/10

- Adds autorun key to be loaded by Explorer.exe on startup
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
- Adds Run key to start application
Target: importantUpdate.bat
Size: 1016B
MD5: bf16a6aec517b7ec9c5d6eb3f4c60824
SHA1: b8d09f82977f780289252d7ce1eae087389dec3d
SHA256: fc4de26ede0690dbc4ef4ed7ffcc28c086d5c8998f2cbe1e2c3c20516c7da2db
SHA512: eda82a101e38fad8b49bbaee708f7e81ebf62ed41d3172d34c97b71b415a2019fc87672cfc94479c3a7c28a24f8d5a9a89a395db869a906d4dfd42e6ed5feedd
Score: 8/10

- Creates new service(s)
- Adds Run key to start application
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v6)

Persistence
- Registry Run Keys / Startup Folder: 3
- Browser Extensions: 1
- New Service: 1
- Hidden Files and Directories: 1

Defense Evasion
- Modify Registry: 6
- Bypass User Account Control: 1
- Disabling Security Tools: 1
- Hidden Files and Directories: 1