5e2007ebe3dd0de3f1df5a6ea4e7388f40d6cbdb8c263a642b45bf76d3c7b8bb | Triage

Submit
Reports

Overview

overview

8

Static

static

1

Gucci Mane...o].mp3

windows10-2004-x64

8

Resubmissions

05/10/2023, 13:55

231005-q74s6add44 8

05/10/2023, 13:43

231005-q1jjmsbd8w 8

05/10/2023, 13:42

231005-qzxd4sbd71 1

Sharing

General

Target

Gucci Mane, Bruno Mars, Kodak Black - Wake Up in The Sky [Official Music Video].mp3
Size

3.3MB
Sample

231005-q1jjmsbd8w
MD5

e6c2ed4793f568f7bd7d56735e00c60c
SHA1

faeea5905ddc8cf732e4dde3f29966808c657179
SHA256

5e2007ebe3dd0de3f1df5a6ea4e7388f40d6cbdb8c263a642b45bf76d3c7b8bb
SHA512

2f5f0151e4b42cd1e6f14790e86be26033f406b3c7ba8d8a322a56cf8d8dce81f573b371287570c449c6f21bf12696965f7cbf4305f900aa9215871d2bb41324
SSDEEP

98304:jDbniyUb5avYRmYdB8eeR6+O9KkeoeSWeRporKXv:jDWyeamdBH+qYetXv

Score

8^/10

discovery evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

Gucci Mane, Bruno Mars, Kodak Black - Wake Up in The Sky [Official Music Video].mp3

Resource

win10v2004-20230915-en

discovery evasion persistence trojan

windows10-2004-x64

28 signatures

150 seconds

Malware Config

Targets

- Target
  
  Gucci Mane, Bruno Mars, Kodak Black - Wake Up in The Sky [Official Music Video].mp3
- Size
  
  3.3MB
- MD5
  
  e6c2ed4793f568f7bd7d56735e00c60c
- SHA1
  
  faeea5905ddc8cf732e4dde3f29966808c657179
- SHA256
  
  5e2007ebe3dd0de3f1df5a6ea4e7388f40d6cbdb8c263a642b45bf76d3c7b8bb
- SHA512
  
  2f5f0151e4b42cd1e6f14790e86be26033f406b3c7ba8d8a322a56cf8d8dce81f573b371287570c449c6f21bf12696965f7cbf4305f900aa9215871d2bb41324
- SSDEEP
  
  98304:jDbniyUb5avYRmYdB8eeR6+O9KkeoeSWeRporKXv:jDWyeamdBH+qYetXv
Score

8^/10

discovery evasion persistence trojan
- Downloads MZ/PE file
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojan

© 2018-2025

Terms | Privacy