Overview

overview

7

Static

static

3

CustomRP.1.17.8.exe

windows10-1703-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    CustomRP.1.17.8.exe

  • Size

    4.9MB

  • Sample

    230603-kev3nage3s

  • MD5

    de72285902e7a019a0f51f19e4e86d2e

  • SHA1

    57831c59b753fa020ab53135d8a86f6d95e41667

  • SHA256

    cea3a9f2349a4986e2a5423867aa74b2d9fa178395730513e8106d39e523eeab

  • SHA512

    e7542904fc6e02e36371fe94ffa44563d0ff3eef28e2659edf0eab8a0e38f6043ae4d5122cb61687f118c912d848c817f2152bd76632ae5458f76feea26d26f8

  • SSDEEP

    98304:AkLPuTOMbK5fKO1hIrnPu52mLetEgna3301cCBA:fPuxbKNKO1SW0tKgna33ZCBA

Score
7/10
microsoftdiscoveryphishing

Malware Config

Targets

    • Target

      CustomRP.1.17.8.exe

    • Size

      4.9MB

    • MD5

      de72285902e7a019a0f51f19e4e86d2e

    • SHA1

      57831c59b753fa020ab53135d8a86f6d95e41667

    • SHA256

      cea3a9f2349a4986e2a5423867aa74b2d9fa178395730513e8106d39e523eeab

    • SHA512

      e7542904fc6e02e36371fe94ffa44563d0ff3eef28e2659edf0eab8a0e38f6043ae4d5122cb61687f118c912d848c817f2152bd76632ae5458f76feea26d26f8

    • SSDEEP

      98304:AkLPuTOMbK5fKO1hIrnPu52mLetEgna3301cCBA:fPuxbKNKO1SW0tKgna33ZCBA

    Score
    7/10
    microsoftdiscoveryphishing

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Detected potential entity reuse from brand microsoft.

      phishingmicrosoft
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks