General

  • Target

    ARQL25_30067.zip

  • Size

    18.5MB

  • Sample

    240220-p3z4qshb93

  • MD5

    e14bd5fa4e2821b5356cef7b0e62386c

  • SHA1

    43f8d7ce75d0f9b5177aea30c42f10cd25cb9f8e

  • SHA256

    aeb23ba69d662e5c8fc765af2714ab0c1cdb443d00e66f751fc38a777ac1062d

  • SHA512

    6dab1b0be545698f31347e200b51229ffe2c1d5bfeb754149e5c2c9f25028a4bc7617f6f072ca38761038d08aea69b7dcdee9464d5d40a6913906caf55f6c56d

  • SSDEEP

    393216:PaSh7GCJ7i8Kj2XEYFLTm5JWlY/2crP2jxtczZOS6FWZCQ:oVRaXFFLT2JWleMw9OxIgQ

Score
6/10

Malware Config

Targets

    • Target

      ARQL25_69265.msi

    • Size

      19.2MB

    • MD5

      ca33e3b489162ddc3ad217f61b86c97e

    • SHA1

      faa398428b873a845ad52cc63061ff5a0602d6c3

    • SHA256

      0e79c3f3ca3c6a391ca7c70bb07ebbc8d3266d51287a62658203e8e935d4deda

    • SHA512

      666091ca5a5fc35951d076f6df59f578d9ac7807650cd5ceb26910412d1536acefae8fbcd66ad2773d85b190701d3b74349aad6afa67781c2176d8a4fd9ca37d

    • SSDEEP

      393216:4/wpJKaB9QEyLiZWGF/56TF4XgZCsl9sj3tgzXqGMJ8/M:AR5+ZlF/5uF4X86CrqBu0

    Score
    6/10

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    T1547      Boot or Logon Autostart Execution       (1)
    T1547.001  Registry Run Keys / Startup Folder      (1)

  • Privilege Escalation

    T1547      Boot or Logon Autostart Execution       (1)
    T1547.001  Registry Run Keys / Startup Folder      (1)

  • Defense Evasion

    T1112      Modify Registry                         (1)

  • Discovery

    T1012      Query Registry                          (1)
    T1120      Peripheral Device Discovery             (1)
    T1082      System Information Discovery            (1)

Tasks