59c7db4342856a8b2a9e89bef68be3d0b89e263f1002dbaeaba9f7d6619e2245 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SlackSetup.exe
Size

112.6MB
Sample

231012-pkeebahh9t
MD5

cd7971f914ab92638694150f4b0e445a
SHA1

c20c1d562044db829d4d2999fc4403c760583332
SHA256

59c7db4342856a8b2a9e89bef68be3d0b89e263f1002dbaeaba9f7d6619e2245
SHA512

3d1e1681b63f4d1fdfde9583b88f3fcb79fe6bd6e163611f42a3270ad4e04ec119ec7bacf120c3623b0556bb41689fab90fca02dfe44c58f9221ae2a793718ce
SSDEEP

3145728:MzVwsehQ5oHOfgWBKkt0ba0+ti1OmHF1QTNKAw8inSMPw8Y6FxfE:sGmt10+wOGFCpzopTM

Score

6^/10

discovery persistence

Malware Config

Targets

- Target
  
  SlackSetup.exe
- Size
  
  112.6MB
- MD5
  
  cd7971f914ab92638694150f4b0e445a
- SHA1
  
  c20c1d562044db829d4d2999fc4403c760583332
- SHA256
  
  59c7db4342856a8b2a9e89bef68be3d0b89e263f1002dbaeaba9f7d6619e2245
- SHA512
  
  3d1e1681b63f4d1fdfde9583b88f3fcb79fe6bd6e163611f42a3270ad4e04ec119ec7bacf120c3623b0556bb41689fab90fca02dfe44c58f9221ae2a793718ce
- SSDEEP
  
  3145728:MzVwsehQ5oHOfgWBKkt0ba0+ti1OmHF1QTNKAw8inSMPw8Y6FxfE:sGmt10+wOGFCpzopTM
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence