9d6b00b1a8511d17476772ed9190d4321a112dd4807d98e865ff1d40e547b680 | Triage

Submit
Reports

Overview

overview

Static

static

1

run.bat

windows10-2004-x64

Sharing

General

Target

MAIN.zip
Size

16KB
Sample

230607-yrrsnafh51
MD5

c8c142b326e82024d47f27a380c7fcca
SHA1

5e5c2b58c806ffbc532f586bd685c99898c781a7
SHA256

9d6b00b1a8511d17476772ed9190d4321a112dd4807d98e865ff1d40e547b680
SHA512

6e4dc9d6b1c61a1d4c9ad5e5e6afea2081d909b81d59885b7e4e225307afe1b84c5cfe3bc8cc409844cad6f5657c51bf0894c63139d4a7f397aa1b8094f5cd19
SSDEEP

384:oqZdKkv53Y61705PloEwcpuqvp0d/D3zGcIaO/uK8cWDRVGB:P5blWuCmAOON8XVS

Score

10^/10

microsoft discovery evasion persistence phishing trojan

Static task

static1

Behavioral task

behavioral1

Sample

run.bat

Resource

win10v2004-20230220-en

microsoft discovery evasion persistence phishing trojan

windows10-2004-x64

30 signatures

150 seconds

Malware Config

Targets

- Target
  
  run.bat
- Size
  
  929B
- MD5
  
  d29013903a60a5b84a29cf152241535e
- SHA1
  
  7f7d46052e60087b6036928e4f0d1721804a5b35
- SHA256
  
  04e6b196ae19807ee0dab6f3441a7a66ea8f6b28012bbb30acf276b10d2b14ae
- SHA512
  
  69f7a82d81afd714d456c0c7cb34b5ccb0a775d0d8eaddad8cb2bff22f6a4e83e2a7d5809a24b43c6affb2d85ce3e6f0dc521c5191d6fb8a953772d122fe9ab1
Score

10^/10

microsoft discovery evasion persistence phishing trojan
- UAC bypass
  evasion trojan
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

microsoftdiscoveryevasionpersistencephishingtrojan

© 2018-2024

Terms | Privacy