99922e1d75e1d8b5de18fbf9f8989e134dbb598f756e7863e9a615371f64b7fc | Triage

Resubmissions

07/01/2024, 16:29

240107-tzf9nsbed2 8

07/01/2024, 16:03

240107-thl4labbh7 8

Sharing

Copy URL Twitter E-mail

General

Target

yi628x7n.exe
Size

290.8MB
Sample

240107-tzf9nsbed2
MD5

a0fbd542b8af84f83f471bd89c61adca
SHA1

b4ab3939de46447f81df0d1d1aead7f225eafc90
SHA256

99922e1d75e1d8b5de18fbf9f8989e134dbb598f756e7863e9a615371f64b7fc
SHA512

c2b1499e9676c1206a00ef1f2d6e78fc57e9995a2b4166a79caf1b128359c70ffc48a1ccd372e366489a0ce91f87622d95942d8c99caa199a7688c7e7be36384
SSDEEP

6291456:EhZpLkn/KMwZ0dWmk3Zyrx6zVzltg9DXGehkFDpWbv6+TwuRjUSzVU80cppDHPgS:E1knwCd0Ze6zuJ2ehx0uRjUwppDHJ

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  yi628x7n.exe
- Size
  
  290.8MB
- MD5
  
  a0fbd542b8af84f83f471bd89c61adca
- SHA1
  
  b4ab3939de46447f81df0d1d1aead7f225eafc90
- SHA256
  
  99922e1d75e1d8b5de18fbf9f8989e134dbb598f756e7863e9a615371f64b7fc
- SHA512
  
  c2b1499e9676c1206a00ef1f2d6e78fc57e9995a2b4166a79caf1b128359c70ffc48a1ccd372e366489a0ce91f87622d95942d8c99caa199a7688c7e7be36384
- SSDEEP
  
  6291456:EhZpLkn/KMwZ0dWmk3Zyrx6zVzltg9DXGehkFDpWbv6+TwuRjUSzVU80cppDHPgS:E1knwCd0Ze6zuJ2ehx0uRjUwppDHJ
Score

8^/10

persistence
- Sets service image path in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1