b9eef03a073a32cdb4c89268a0574fa9a21e9920813ecebcd9012ce081d32824 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Install-GooglePlayGames-Beta.exe
Size

1.3MB
Sample

230930-vlv2caeb6y
MD5

f4e84cb74ed7816fdacc509453bbce7d
SHA1

0fb2ba81f7219d4f10803844d74a29dcb2c5434c
SHA256

b9eef03a073a32cdb4c89268a0574fa9a21e9920813ecebcd9012ce081d32824
SHA512

6677d21cf729945f8dce4a3e558601952127077b0ce931cea87216f9dc54d09f927d3390a6cbe9a8a8205597d15e1db4b07ffdbc29d7b3d2edf9a0b32c637cc7
SSDEEP

24576:PJvK78SzsMZCRMp8nFNJ3dcj7zql5Tnoo6WOnLpymOovCce36Ft6pAlxzIBaGq:FK783MoXnFv3dcj7q5LsLp3CceMuczXr

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  Install-GooglePlayGames-Beta.exe
- Size
  
  1.3MB
- MD5
  
  f4e84cb74ed7816fdacc509453bbce7d
- SHA1
  
  0fb2ba81f7219d4f10803844d74a29dcb2c5434c
- SHA256
  
  b9eef03a073a32cdb4c89268a0574fa9a21e9920813ecebcd9012ce081d32824
- SHA512
  
  6677d21cf729945f8dce4a3e558601952127077b0ce931cea87216f9dc54d09f927d3390a6cbe9a8a8205597d15e1db4b07ffdbc29d7b3d2edf9a0b32c637cc7
- SSDEEP
  
  24576:PJvK78SzsMZCRMp8nFNJ3dcj7zql5Tnoo6WOnLpymOovCce36Ft6pAlxzIBaGq:FK783MoXnFv3dcj7q5LsLp3CceMuczXr
Score

8^/10

evasion persistence
- Downloads MZ/PE file
- Modifies Windows Firewall
  evasion
- Sets file execution options in registry
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence