155e513d1d4112f866526453f7ebbb4245fb92a0d5b29cad954d3371f63b4c1b | Triage

Sharing

General

Target

x-mirage-inst.exe
Size

36.0MB
Sample

231122-3zbtmafh31
MD5

9dbe2a0e7c69daf944726046f44134cb
SHA1

bd5033778ec1a2179e59ce48687c0e8713039146
SHA256

155e513d1d4112f866526453f7ebbb4245fb92a0d5b29cad954d3371f63b4c1b
SHA512

f627f2495ab57b6becc6ae9b645c0865d0a0a681d3d480923b854d905361f5a26931948f0493f84731b46d6cdda6ddec23fc18a7ca8ea6cb6b7678370df99861
SSDEEP

786432:kaQSm27Ior0kd9o4Qrz7HL7HW7tLLVaZlOcopVyVFR7:n+mN06QrrbWJLVovuVY7

Score

10^/10

discovery evasion

Malware Config

Targets

- Target
  
  x-mirage-inst.exe
- Size
  
  36.0MB
- MD5
  
  9dbe2a0e7c69daf944726046f44134cb
- SHA1
  
  bd5033778ec1a2179e59ce48687c0e8713039146
- SHA256
  
  155e513d1d4112f866526453f7ebbb4245fb92a0d5b29cad954d3371f63b4c1b
- SHA512
  
  f627f2495ab57b6becc6ae9b645c0865d0a0a681d3d480923b854d905361f5a26931948f0493f84731b46d6cdda6ddec23fc18a7ca8ea6cb6b7678370df99861
- SSDEEP
  
  786432:kaQSm27Ior0kd9o4Qrz7HL7HW7tLLVaZlOcopVyVFR7:n+mN06QrrbWJLVovuVY7
Score

10^/10

discovery evasion
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion