9c1129a7ffa519f670ca67fdec455f2b39a54b00745d06012cccef6e4b5f2ce1

Resubmissions

30/10/2024, 16:26

241030-txqekaymbr 8

09/01/2024, 22:14

240109-15vsksaahp 8

09/01/2024, 22:09

240109-127mzabcf9 7

09/01/2024, 21:52

240109-1q2mksbcb5 7

Sharing

Copy URL

Twitter E-mail

General

Target

9c1129a7ffa519f670ca67fdec455f2b39a54b00745d06012cccef6e4b5f2ce1.exe
Size

5.4MB
Sample

240109-15vsksaahp
MD5

fc5134ba4711406149556e32d47773aa
SHA1

24e23d1ce7273410b778a36aaa8191c3abeedf3e
SHA256

9c1129a7ffa519f670ca67fdec455f2b39a54b00745d06012cccef6e4b5f2ce1
SHA512

c457b37709914362717b867b88becda3751f2c79ee11a9f6d67a1780308e123a2e2a65ffb5af9431d99f7881a36ae16899d01cfcb8f52a569e3ca69ec78ac965
SSDEEP

98304:wG7cl1155MF19r71Gw5/91TK1IyHZnVD8jSTzpRcUOeCNx1w8vlXWUlCaHKMDqwK:xuQ3j51RK1IyvlvpcestRKMD4

Score

8^/10

discovery

Malware Config

Targets

- Target
  
  9c1129a7ffa519f670ca67fdec455f2b39a54b00745d06012cccef6e4b5f2ce1.exe
- Size
  
  5.4MB
- MD5
  
  fc5134ba4711406149556e32d47773aa
- SHA1
  
  24e23d1ce7273410b778a36aaa8191c3abeedf3e
- SHA256
  
  9c1129a7ffa519f670ca67fdec455f2b39a54b00745d06012cccef6e4b5f2ce1
- SHA512
  
  c457b37709914362717b867b88becda3751f2c79ee11a9f6d67a1780308e123a2e2a65ffb5af9431d99f7881a36ae16899d01cfcb8f52a569e3ca69ec78ac965
- SSDEEP
  
  98304:wG7cl1155MF19r71Gw5/91TK1IyHZnVD8jSTzpRcUOeCNx1w8vlXWUlCaHKMDqwK:xuQ3j51RK1IyvlvpcestRKMD4
Score

8^/10

discovery
- Modifies RDP port number used by Windows
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks registry for disk virtualization
  Detecting virtualization disks is order done to detect sandboxing environments.
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Remote Services

T1021

Remote Desktop Protocol

T1021.001

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Modifies RDP port number used by Windows

Checks BIOS information in registry

Deletes itself

Executes dropped EXE

Loads dropped DLL

Blocklisted process makes network request

Checks installed software on the system

Checks registry for disk virtualization

Drops desktop.ini file(s)

Enumerates connected drives

Maps connected drives based on registry

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4