46ca793a3a37e0ca9268c7f6b0e31b35db89792f6a95e6ea0f40b0de819687ba | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aad173f35bd54cd134a556a868dfc314.exe
Size

151KB
Sample

240107-yf6sfachek
MD5

aad173f35bd54cd134a556a868dfc314
SHA1

06b1b11ad53ff1f5e88ff782f42ada6f89df13a5
SHA256

46ca793a3a37e0ca9268c7f6b0e31b35db89792f6a95e6ea0f40b0de819687ba
SHA512

28d25e0fe717a3bb5d89a7f5f04b486c374206ba9679ae236f6105204d037bb19c94d15102d06e82617b9dd38ab0830fe966e8fd6a9a3c83a8686d0fdcdf614d
SSDEEP

3072:zxJ4be9MbCNEVyPjH7IE2KawoZixHJSYxQzhFXsT:9IbAEVyPDhcep12q

Score

10^/10

evasion

Malware Config

Targets

- Target
  
  aad173f35bd54cd134a556a868dfc314.exe
- Size
  
  151KB
- MD5
  
  aad173f35bd54cd134a556a868dfc314
- SHA1
  
  06b1b11ad53ff1f5e88ff782f42ada6f89df13a5
- SHA256
  
  46ca793a3a37e0ca9268c7f6b0e31b35db89792f6a95e6ea0f40b0de819687ba
- SHA512
  
  28d25e0fe717a3bb5d89a7f5f04b486c374206ba9679ae236f6105204d037bb19c94d15102d06e82617b9dd38ab0830fe966e8fd6a9a3c83a8686d0fdcdf614d
- SSDEEP
  
  3072:zxJ4be9MbCNEVyPjH7IE2KawoZixHJSYxQzhFXsT:9IbAEVyPDhcep12q
Score

10^/10

evasion
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2