8b8e5b528101d485cda531b55f109a4801dea395ed29c995cf534dda705d3b17 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Setup.exe
Size

968.1MB
Sample

231223-25fjbscfa5
MD5

b844f8be0aee168f9b827cb5aa181bf5
SHA1

c6650566b6b896123b49511e724fc48b9f61ce36
SHA256

8b8e5b528101d485cda531b55f109a4801dea395ed29c995cf534dda705d3b17
SHA512

41fc34f019f231cae1ae2fd982cfb884ea39f9b269d1bd376a4a941e42c4c9d1b449e531e116764e91818406ef75f5c10d6046ee5896faf17cf0199424833e01
SSDEEP

25165824:8w6Cvmu9PsmEVbhcx/GJhRwzLtY4m3yFTYYpml5ReCguqu7l:8w6CvmDm1tBm3yFTYY8l5Rhguqu7l

Score

10^/10

discovery

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://1620888.com/memo.ps1

Targets

- Target
  
  Setup.exe
- Size
  
  968.1MB
- MD5
  
  b844f8be0aee168f9b827cb5aa181bf5
- SHA1
  
  c6650566b6b896123b49511e724fc48b9f61ce36
- SHA256
  
  8b8e5b528101d485cda531b55f109a4801dea395ed29c995cf534dda705d3b17
- SHA512
  
  41fc34f019f231cae1ae2fd982cfb884ea39f9b269d1bd376a4a941e42c4c9d1b449e531e116764e91818406ef75f5c10d6046ee5896faf17cf0199424833e01
- SSDEEP
  
  25165824:8w6Cvmu9PsmEVbhcx/GJhRwzLtY4m3yFTYYpml5ReCguqu7l:8w6CvmDm1tBm3yFTYY8l5Rhguqu7l
Score

10^/10

discovery
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2