211fc50105cca5c9893cefe7ea1d740dd8d789ebe762075fe58d0669d160fc88 | Triage

Sharing

General

Target

7a68b2598040d342eef5e8194b7971fe
Size

301KB
Sample

240127-q2shyaddb6
MD5

7a68b2598040d342eef5e8194b7971fe
SHA1

7147fad58f345d94cf597425f9a93621d3b8d88d
SHA256

211fc50105cca5c9893cefe7ea1d740dd8d789ebe762075fe58d0669d160fc88
SHA512

820bc1db147c32ecea615062055c178800296477ec114408ab0b1e768149875af35dd908ed708f2f4535fb784fda825788e08991fd80a45106629c1a54e7217e
SSDEEP

6144:bzfj/IEL1c57oIWkhJrCGTpFIYsgeWnwtCd:7/IELYklkhRCCYYsgG

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  7a68b2598040d342eef5e8194b7971fe
- Size
  
  301KB
- MD5
  
  7a68b2598040d342eef5e8194b7971fe
- SHA1
  
  7147fad58f345d94cf597425f9a93621d3b8d88d
- SHA256
  
  211fc50105cca5c9893cefe7ea1d740dd8d789ebe762075fe58d0669d160fc88
- SHA512
  
  820bc1db147c32ecea615062055c178800296477ec114408ab0b1e768149875af35dd908ed708f2f4535fb784fda825788e08991fd80a45106629c1a54e7217e
- SSDEEP
  
  6144:bzfj/IEL1c57oIWkhJrCGTpFIYsgeWnwtCd:7/IELYklkhRCCYYsgG
Score

7^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/IpConfig.dll
- Size
  
  114KB
- MD5
  
  a3ed6f7ea493b9644125d494fbf9a1e6
- SHA1
  
  ebeee67fb0b5b3302c69f47c5e7fca62e1a809d8
- SHA256
  
  ec0f85f8a9d6b77081ba0103f967ef6705b547bf27bcd866d77ac909d21a1e08
- SHA512
  
  7099e1bc78ba5727661aa49f75523126563a5ebccdff10cabf868ce5335821118384825f037fbf1408c416c0212aa702a5974bc54d1b63c9d0bcade140f9aae1
- SSDEEP
  
  1536:CPDzpyvLtmY7SeAmhPzV8+i7kRuACUxHf91MionF9JTwrLPG5zfO+lP7:UZl1e7L4ARzC3dwrLPG5zG+lP7
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/WmiInspector.dll
- Size
  
  104KB
- MD5
  
  8531346d16fa5d4768f6530d2eb2b65c
- SHA1
  
  153601d36aa0ddfbc597b1e890917364878791ca
- SHA256
  
  a9347413de4b0f90cac0b5e300cec9c867bdb28bd7a60d07b10fd31ee56c60cb
- SHA512
  
  f214e75de20edeb7eece02659fd7dafc8c3d63c2350c58825bc6e9ce0b73237962d8273b4bc803a2f304cee9f9cad1cd4edab28322c1e678bc25eb88faa6a841
- SSDEEP
  
  1536:V8FVCqSrlWzXRaGDejG4jsenxiqIjF3/BWBk7/lU6wt1bA:OaqSr4XkGuxny93Vwt1bA
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/inetc.dll
- Size
  
  20KB
- MD5
  
  f02155fa3e59a8fc48a74a236b2bb42e
- SHA1
  
  6d76ee8f86fb29f3352c9546250d940f1a476fb8
- SHA256
  
  096a4dc5150f631b4d4d10cae07ef0974dda205b174399f46209265e89c2c999
- SHA512
  
  8be78e88c5ef2cd01713f7b5154cfdeea65605cc5d110522375884eeec6bad68616a4058356726cbbd15d28b42914864045f0587e1e49a4e18336f06c1c73399
- SSDEEP
  
  384:voJLJVqG5WLJgu/Emx1Ywxd2ZmX66vwUhU7ya4LC0Ac9khYLMkIX0+Gv8gcLom7:AJVkN8mHYwxdWmX3wUhUua4LeT7
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/t1.dll
- Size
  
  4KB
- MD5
  
  058ba8a0916d957d3b91d08ea2e876e2
- SHA1
  
  1a7c36c50c5bd93f535b624a2882bc3905e7e7f3
- SHA256
  
  510af8083c0eef8b04e1171a9d6d94c64a1859701bbb106c565d2ec869437661
- SHA512
  
  24124b45bf42e186a06fcb71ca7e2c1fed3b762b681286185d7cdff53b3800c35b6326a6f21c82e9de59d8bbcb3fdab4a5c1cc9c8683e43ff230b07913d26f02
- SSDEEP
  
  48:a/1/wEVQWsasy/372nPbws6KcSCcqGTN5gXwvl9g6P:81/wise/37upcpcqGh5gs
Score

1^/10
behavioral11 behavioral12
- Target
  
  IWsrv.exe
- Size
  
  55KB
- MD5
  
  8c68148377f2f6da1992261ae2503773
- SHA1
  
  0f49e7ce220bd4862c9335a6512718b6908b59c2
- SHA256
  
  ce6f3275d7c103f4b65e1afd444924a59505943ebaf27a1fabd162b480318b4b
- SHA512
  
  de11083a64777720a8f2289f8dd9ee73166b7e3e1ee5d5ef90b979d3f5d9299573c7af5d22035a6a1ec7da94b140792096d59be64364ccc53ef927317c832238
- SSDEEP
  
  768:HpNEDsXQ8wS5psNs789MU7WjmhaPf97Abkk9EDHFnmhNwB/nP/j:HOsXcCeNsYMUBa3SkfR/n
Score

1^/10
behavioral13 behavioral14

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14