6f8ba50c67083504a4dbc064f0d7e172ee9205db65557a12fd3193749fb8651b | Triage

Submit
Reports

Overview

overview

7

Static

static

1

WinSCP-5.2...up.exe

windows7-x64

7

WinSCP-5.2...up.exe

windows10-2004-x64

7

Sharing

General

Target

WinSCP-5.21.7-Setup.exe
Size

10.9MB
Sample

230418-jdqk4sbh9z
MD5

4b6dcc18e7ea50caab02f11d9abb3dee
SHA1

fd36c8ff64d2cabb7c35bb2e9100f5245544ecf2
SHA256

6f8ba50c67083504a4dbc064f0d7e172ee9205db65557a12fd3193749fb8651b
SHA512

ef9c0dbfb52919c3d420320406e3487892a5be30aa275d32981e799cb4711abe54e11085c3c9131073a0e012763db994acd0039c36475b0c35ebe54fe84a8a63
SSDEEP

196608:wCIA4//b/VVVLXx1is5RFZ06uhRrvh311cJGB/NP9AhXxtJUyT5:rO/r5fltZBQN5l1lB18X/JUy

Score

7^/10

discovery persistence

Static task

static1

Behavioral task

behavioral1

Sample

WinSCP-5.21.7-Setup.exe

Resource

win7-20230220-en

discovery persistence

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

WinSCP-5.21.7-Setup.exe

Resource

win10v2004-20230220-en

discovery persistence

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  WinSCP-5.21.7-Setup.exe
- Size
  
  10.9MB
- MD5
  
  4b6dcc18e7ea50caab02f11d9abb3dee
- SHA1
  
  fd36c8ff64d2cabb7c35bb2e9100f5245544ecf2
- SHA256
  
  6f8ba50c67083504a4dbc064f0d7e172ee9205db65557a12fd3193749fb8651b
- SHA512
  
  ef9c0dbfb52919c3d420320406e3487892a5be30aa275d32981e799cb4711abe54e11085c3c9131073a0e012763db994acd0039c36475b0c35ebe54fe84a8a63
- SSDEEP
  
  196608:wCIA4//b/VVVLXx1is5RFZ06uhRrvh311cJGB/NP9AhXxtJUyT5:rO/r5fltZBQN5l1lB18X/JUy
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence

© 2018-2024

Terms | Privacy