Resubmissions

06-02-2024 19:04

240206-xq7xtafdfn 10

02-04-2023 09:53

230402-lw48bsha6t 10

General

  • Target

    MDE_File_Sample_c6bff7857fdf33cbd8f052ef5d669675e5cf06f8.zip

  • Size

    393KB

  • Sample

    240206-xq7xtafdfn

  • MD5

    9a2d925d33f642ced15e59d0090ba7fa

  • SHA1

    46ee0763ffe8a2ae05ac6110826940ae8b01329a

  • SHA256

    b50982f889255af6558b6ee07be5837049bb94297ff0c0db6d4670a9001916dc

  • SHA512

    1964f6360dfd431815286ecdc8adee5ec5e70d4cfce091a7947bb0df038b3c5d1ec65fa882d244808195d66658e1953d5d29d00b4859535f7af79cdcd9fa7aaf

  • SSDEEP

    6144:Rf5gLrfpY/wKbZWUlVTal9hrBu/RMq8CfIR29CSuIIh3ooUpF4vEREMf3QQ7iaF:LgLkw8ZVM9hduSqbIosSuII7WVy+QeDF

Malware Config

Targets

    • Target

      AlphaZackCosmos.exe

    • Size

      751KB

    • MD5

      4d853025b8cd8c725bf78e3df6cce967

    • SHA1

      c6bff7857fdf33cbd8f052ef5d669675e5cf06f8

    • SHA256

      4f648c95b8c832742b8b43f4e70689d0ef0328841744858c75d0a4e98fda5ff8

    • SHA512

      977e43eaa763cc66114e00a615818c66a84a5a47bac1cdf21eff9f8f1dcebf138d8ede823265a2f30807d648c57bf036818254964358691d3f9a013f930705cf

    • SSDEEP

      12288:Tc0dZib4t9uOroAgUHvCUt4RtlTc+YNKpQsNvVd1gF:Tc/UtwOrZgUHv54Rt6+YNkQsNmF

    Score
    10/10
    • FlawedAmmyy RAT

      Remote-access trojan based on leaked code for the Ammyy remote admin software.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks