95e0906f9082e3271bdc689ea298f4269cabc9c134930a3211c7a46fcb0e8135 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

RE Request to identify state of access to www.txcourts.gov.msg
Size

68KB
Sample

230808-qmblwacg33
MD5

c427ea9082cad32b857f8137e38c8987
SHA1

4b3d0d18f84cd14a851bdcad5eab26b5d0ac7513
SHA256

95e0906f9082e3271bdc689ea298f4269cabc9c134930a3211c7a46fcb0e8135
SHA512

6d6cb08bbc58fc2bcc2c2e377007e5e28cc2272261c17927cb74f413daed3a8a05fac0bc0cb7cb293ed9984dcf93acdfa15e56d4e29cf69fd87f64b05c97f5fe
SSDEEP

768:va6qa+U78DplXZ0oaWsKpWsKwWsKpxWsKPizgWRbxpSDNAAji2Z0QWsKLWsKZBET:Ga+lnp8WxWoWhxW+LTQjWDWRKbcih

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  RE Request to identify state of access to www.txcourts.gov.msg
- Size
  
  68KB
- MD5
  
  c427ea9082cad32b857f8137e38c8987
- SHA1
  
  4b3d0d18f84cd14a851bdcad5eab26b5d0ac7513
- SHA256
  
  95e0906f9082e3271bdc689ea298f4269cabc9c134930a3211c7a46fcb0e8135
- SHA512
  
  6d6cb08bbc58fc2bcc2c2e377007e5e28cc2272261c17927cb74f413daed3a8a05fac0bc0cb7cb293ed9984dcf93acdfa15e56d4e29cf69fd87f64b05c97f5fe
- SSDEEP
  
  768:va6qa+U78DplXZ0oaWsKpWsKwWsKpxWsKPizgWRbxpSDNAAji2Z0QWsKLWsKZBET:Ga+lnp8WxWoWhxW+LTQjWDWRKbcih
Score

8^/10

persistence
- Modifies Installed Components in the registry
  persistence
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2