220099257aeea3d9a232d52badad87258bce95081a219850ab961c9dd39c908a | Triage

Sharing

General

Target

07dc99b924f6e4c5055d948b43572a08
Size

3.7MB
Sample

231230-aa38cschfr
MD5

07dc99b924f6e4c5055d948b43572a08
SHA1

f3b8481551447c4494d6e37e6e025482807700b0
SHA256

220099257aeea3d9a232d52badad87258bce95081a219850ab961c9dd39c908a
SHA512

a287580b24602c504fbf9077357871cf964087a37d428fff1b42755ec74e0e5155eb500d6da1835dd5b8ed2b176d858888aa7a2aabadd3addf9bc4cb5c884674
SSDEEP

98304:Xo2PNa+TWEBO9TANHdchggxfP+C+s1pYMhGm9rtCHU:4uTFBg0bsPQObGm9rh

Score

9^/10

discovery evasion

Malware Config

Targets

- Target
  
  07dc99b924f6e4c5055d948b43572a08
- Size
  
  3.7MB
- MD5
  
  07dc99b924f6e4c5055d948b43572a08
- SHA1
  
  f3b8481551447c4494d6e37e6e025482807700b0
- SHA256
  
  220099257aeea3d9a232d52badad87258bce95081a219850ab961c9dd39c908a
- SHA512
  
  a287580b24602c504fbf9077357871cf964087a37d428fff1b42755ec74e0e5155eb500d6da1835dd5b8ed2b176d858888aa7a2aabadd3addf9bc4cb5c884674
- SSDEEP
  
  98304:Xo2PNa+TWEBO9TANHdchggxfP+C+s1pYMhGm9rtCHU:4uTFBg0bsPQObGm9rh
Score

9^/10

discovery evasion
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Process Discovery

Query Registry

Software Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2