8e04e88ce480aabebac8a5d2cf45b58527c4e113fd6a97814ceb768a293baf40 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

09aa36e267160133f0fb1b03e5abeb0f
Size

634KB
Sample

231225-gmqalabeb2
MD5

09aa36e267160133f0fb1b03e5abeb0f
SHA1

e043887201ae7839f5e24e9c7fa562f0e3e18faf
SHA256

8e04e88ce480aabebac8a5d2cf45b58527c4e113fd6a97814ceb768a293baf40
SHA512

acff8943fcbd7b547bb8a77c38fa373a603e3930279e32feaa7287eff6fa1d8fd9c9c8c0d720445ee596301629dc2001a41ad40949911d9d1600e1b02c93f996
SSDEEP

12288:ikfm/P0Ij9JDoi1x6dOkKp6udQItMymPGTvW0JAf1C3IqGCUgd4+Qa:Jfg8g9JDoi1x6nKEdItRmPwePo3IqygF

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  bpk.exe
- Size
  
  408KB
- MD5
  
  03560b316016aaaf3a990455fad56f80
- SHA1
  
  fbb9dfe2970adca6b1dcfb50eb221daa8c9344d0
- SHA256
  
  ab2b0046b2bd7c8ad33a34bdb6e735d3132786b1c7d5b6529ec60023176b885d
- SHA512
  
  af413a627ec92e551150ce997a9fa29d11e4af610675ccdbe9054c7a4e85d5987d1067f3c854cad8e41d9ce8e94bf1bd20eaa6060e14c9f53993553ed5ad4cca
- SSDEEP
  
  6144:XxfV4OWkSvtk7dnUA81ao4LeG/bEy+L8PwDw49EJyvi8b+f:9WRsUAWaoXKbEy+L8Kw4mJyvi4+f
Score

1^/10
behavioral1 behavioral2
- Target
  
  bpkhk.dll
- Size
  
  21KB
- MD5
  
  4ac96143da5dd9be85d5ee6628848b71
- SHA1
  
  bcc854eb2d705d922d7412d23931e5551fd962ff
- SHA256
  
  895811baab862cbd1ca138cb1194d6df10982d158ddb3a7d1ea56cee6cdf8f50
- SHA512
  
  18b8542b5c0c09607ffdd9e8685c890879bd120f575409ab86fbd7a0728e624317fc38e9f2b3d26e1a43a6a8f3442c3fdc67ccef7f1b1558aacdb9facdee5063
- SSDEEP
  
  384:ovgOpcoWUoTdTEtAhrSfcfVsJN/dO9DR6j2dzInLufEmOm3u+eq3DSLi:utAhrg+XDR6KeLufEmOm3ueTSLi
Score

1^/10
behavioral3 behavioral4
- Target
  
  rinst.exe
- Size
  
  22KB
- MD5
  
  9a00d512f9e1464ad793702cf2b1eda0
- SHA1
  
  39a47a90cd3dd132dbab9f5052dda38dbd7c63f6
- SHA256
  
  98d257f639ee9df968f77b1f66c78230d07d86e58a7ddf0d306a24af3873dc5b
- SHA512
  
  18604f20351db1d418f48f2eb023be07588754b428b5d6abb0a7c40d6bf174ce7dcab2ae6e06f22585e12f1bfdb6e408b17bf20e2a7ba137620002ac04b8b4ba
- SSDEEP
  
  384:c3PqIGR1uEtfWlXdbvoht0zsQHmr246v1hLqsHWuTqvhwp:aqZv3tfEbgIzsQHs6v1hLqQ9q
Score

7^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6