7361df98c7cd1e56e0345e61cf68c1d5818d4064269f9b234511c7060e97ad9f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a6fc2d8611cae0eda7fc1b53495a6b3b.exe
Size

3.3MB
Sample

240129-ek72hsahdp
MD5

a6fc2d8611cae0eda7fc1b53495a6b3b
SHA1

0a8a58bc8bfa8eeb98dca98af8b55aa780f52b10
SHA256

7361df98c7cd1e56e0345e61cf68c1d5818d4064269f9b234511c7060e97ad9f
SHA512

0d519183d97402f68f4db2df3955cf2aa7053fa1546392acc3e13532848bc6aab8a73d2e30165f2c88c6640ac815a285280cd2cff4bd48440bf2568e130468ce
SSDEEP

98304:qi++qX8iuivYw7Kx0tJI7dKeZICTTTr1jjxS:xcNuyYw7RtJI7ZZhTTtjQ

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  a6fc2d8611cae0eda7fc1b53495a6b3b.exe
- Size
  
  3.3MB
- MD5
  
  a6fc2d8611cae0eda7fc1b53495a6b3b
- SHA1
  
  0a8a58bc8bfa8eeb98dca98af8b55aa780f52b10
- SHA256
  
  7361df98c7cd1e56e0345e61cf68c1d5818d4064269f9b234511c7060e97ad9f
- SHA512
  
  0d519183d97402f68f4db2df3955cf2aa7053fa1546392acc3e13532848bc6aab8a73d2e30165f2c88c6640ac815a285280cd2cff4bd48440bf2568e130468ce
- SSDEEP
  
  98304:qi++qX8iuivYw7Kx0tJI7dKeZICTTTr1jjxS:xcNuyYw7RtJI7ZZhTTtjQ
Score

7^/10

discovery persistence
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/Checker.dll
- Size
  
  41KB
- MD5
  
  15d08cdf9b65dd72719cba1465e43739
- SHA1
  
  49023d696e3fe9141f22a4b88e67f1e05deaacc1
- SHA256
  
  a34cdbe03e066f4ffb7431c806c0600e5e7d4dba239174c373b2445dba3f66ae
- SHA512
  
  34af6a638e538703af3ef9b52b2a68a48daec1be14f77b6e464882f8f6d2ad670903cfe8d310c750d39624facf14184d6222196aec92231253ba868585b9f885
- SSDEEP
  
  768:MNZoBQfjXtKahyIXlQWBh/GxHxn2hEDVyx1jZvD9FN:MNZwApK0XlLYd9ol9L
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  30a8c8e0e35d7d036fea63ceca28b462
- SHA1
  
  e3e15d822bdd5e98c80e9b7c00a476dccbdc6eb6
- SHA256
  
  de1caa5f3a80a5cfffe6d475ca3404b8928d57c8adba49d89b13fe95ab2ee50b
- SHA512
  
  f68f6922352ed2c834bc0562681ef740c54bd430cbbd66bb6d5534fd146875b0a9937e98925727a8bd9dcad3d5e99322de13aaba231999d8c7608526a8adc181
- SSDEEP
  
  192:g46k30R+dHp4TaQm1QukrdWWmUOWDNsrwJBsLLvjCK72dwF7dBOne:Z6k30gdHp4J6Q0lXLvjC+BO
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  dd87a973e01c5d9f8e0fcc81a0af7c7a
- SHA1
  
  c9206ced48d1e5bc648b1d0f54cccc18bf643a14
- SHA256
  
  7fb0f8d452fefaac789986b933df050f3d3e4feb8a8d9944ada995f572dcdca1
- SHA512
  
  4910b39b1a99622ac8b3c42f173bbe7035ac2f8d40c946468e7db7e2868a2da81ea94da453857f06f39957dd690c7f1ba498936a7aaa0039975e472376f92e8f
- SSDEEP
  
  192:VFiQJ77pJp17C8F1A5xjGNxrgFOgb7lrT/993:97pJp48F2exrg5F/9
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/Zip.dll
- Size
  
  76KB
- MD5
  
  542567398f77e95808afac5f96083c11
- SHA1
  
  d85c2129928188bee8fd48c5549aa3db4aebc462
- SHA256
  
  e5234c4c4b82edcf6936eea28b0f9a447423c9358c4c5a4f230897296f3f2d42
- SHA512
  
  3ae6c87d543d8822bcc26e327365218b6cb16d711ba1def06f8b796760badcab248bccc74309d8eb27e363d65af92307f76f38f013966188f1f1463152ea8b19
- SSDEEP
  
  768:QqzEOfLo2T0pHES42P2wsSrSlAKL0RvTZTEeo9L1Po0OQuiSKcKysNU3her9dohC:QhQspHrXK5eKO5KysyxAd4CfR
Score

3^/10
behavioral10 behavioral9
- Target
  
  SumatraPDF.exe
- Size
  
  6.2MB
- MD5
  
  a66c9054c372978b5752566361c27535
- SHA1
  
  527b8a0f9bffc41df878fb45e73f58e01e827e25
- SHA256
  
  54e19ff0a436f9806ff4dec14882a3391026751242b0e53330325e7c256d5155
- SHA512
  
  3114d24ccc0705cb722fd0a6ef135215e6475702d12073ab0567039a34d2cb279f7a6f6ffb58cc2a38dc87b3f97c71c245709ba6242813a0abd5ca0d0bb7e17e
- SSDEEP
  
  196608:DDXbNtDd/MmCp3XH0PXBs72S3CKCXCv2a/At:DDXht5/MmCpHUPXOR39Uk20C
Score

1^/10
behavioral11 behavioral12
- Target
  
  uninst.exe
- Size
  
  39KB
- MD5
  
  b462f3c38bc5b56e06976a94a7c36bc7
- SHA1
  
  0106bf912fa9a37bb975afb00fd4ebaf7dff13cd
- SHA256
  
  446c3dc2041bd1d0968e92ec21d538da95dd85c62535293fdca425b02587bbe5
- SHA512
  
  f33baef794d57eec26df2b173719c3dde0e8e1f9354d598662d1b86c1317b21fbff17b1ce373495f9bfe717d10b8dba1d486fee18bbb51b726e480300c606343
- SSDEEP
  
  768:0Gn4o4BL/akfpI1nu0LXGS8BPfeyWMZtuHvwbtOuIYdPciuc1sJ:T4hwgonu0fJytuPwbdNcir1sJ
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral13 behavioral14

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14