General

  • Target

    acousticsensor.gsc

  • Size

    23KB

  • Sample

    230424-wl132afc9x

  • MD5

    4d53cc438eda6215e32473eae3db951a

  • SHA1

    e8ba57352a618381549967f97b80a77399d54da5

  • SHA256

    24c47f5a0d9d58fed0a8a993c978fbfa214c23086d10b008978c029c016c4fe6

  • SHA512

    45279a031f9fade67da2b5a8deed266bd8b5f9537d82f4bccc889950dd7cc879cf201159c718ffc90701923092320ba6f4634dd7a211aa2f73a304f73752bea7

  • SSDEEP

    384:Ly9TuLb+1NpR1T0l3NvdZ5O3jxVv251BdnvT1dSJV5YlweuEqzvXKkMwKh1cYUHE:LTLSj1gl6EmmjAF3wnP7

Targets

    • Target

      acousticsensor.gsc

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2
