1fcb14bc7522a0922c93e547f4d66f751912a21b2ed7ad064d04ccac38f76126 | Triage

Submit
Reports

Overview

overview

7

Static

static

3

send_DATA.exe

windows10-2004-x64

7

Resubmissions

27-11-2023 18:34

231127-w7p8nabe9z 7

27-11-2023 18:02

231127-wmelesbd6y 7

Sharing

General

Target

send_DATA.EXE
Size

25.1MB
Sample

231127-w7p8nabe9z
MD5

fd8bbb439a49d44e79126b46e0d7e34b
SHA1

ca00b55deeaf5efb50ec015d1667b23eb3943235
SHA256

1fcb14bc7522a0922c93e547f4d66f751912a21b2ed7ad064d04ccac38f76126
SHA512

08ac2844063c3e3ee36da551e330c42c24b2044ec9e945ef509fb5087ebc163a6a8e43da78cc554dec4aaa2334bc21e44d53641ad3d6e6383f044909c502ec9c
SSDEEP

786432:WQ0LA5kKh6YiHS7c4K0uERoOwRmvsbvT6OgnHZU9t2PlP9oK:fky6Yiy7c4K0uEyOwwO325UmPnl

Score

7^/10

discovery persistence pyinstaller

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

send_DATA.exe

Resource

win10v2004-20231020-en

discovery persistence pyinstaller

windows10-2004-x64

24 signatures

1800 seconds

Malware Config

Targets

- Target
  
  send_DATA.EXE
- Size
  
  25.1MB
- MD5
  
  fd8bbb439a49d44e79126b46e0d7e34b
- SHA1
  
  ca00b55deeaf5efb50ec015d1667b23eb3943235
- SHA256
  
  1fcb14bc7522a0922c93e547f4d66f751912a21b2ed7ad064d04ccac38f76126
- SHA512
  
  08ac2844063c3e3ee36da551e330c42c24b2044ec9e945ef509fb5087ebc163a6a8e43da78cc554dec4aaa2334bc21e44d53641ad3d6e6383f044909c502ec9c
- SSDEEP
  
  786432:WQ0LA5kKh6YiHS7c4K0uERoOwRmvsbvT6OgnHZU9t2PlP9oK:fky6Yiy7c4K0uEyOwwO325UmPnl
Score

7^/10

discovery persistence pyinstaller
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistencepyinstaller

© 2018-2024

Terms | Privacy