0f60e086a4cf0a293a52d601635c3899802817c03192f4cd61f7198f8b6bf58a | Triage

Sharing

General

Target

aa609c7363a8dd21471794ffb981051d
Size

224KB
Sample

240227-2zz1sadg6s
MD5

aa609c7363a8dd21471794ffb981051d
SHA1

2b48265b4b705cd06d765084f254cb088cefbdd4
SHA256

0f60e086a4cf0a293a52d601635c3899802817c03192f4cd61f7198f8b6bf58a
SHA512

4c19e02d85b6fda1ff66e827028e8f0dc55147a5f5fed1de238bc6fa8488965e138c1d611c3b6b3b607258a5395e8bef38b231bde254cd6f2bff995b90e9f497
SSDEEP

6144:qtkEoAM4iYQqA4PwYXXwRV4GmTH9dcMf6QFoYJZwYX:aPwYXXwRV4PBFoLYX

Score

10^/10

evasion

Malware Config

Targets

- Target
  
  aa609c7363a8dd21471794ffb981051d
- Size
  
  224KB
- MD5
  
  aa609c7363a8dd21471794ffb981051d
- SHA1
  
  2b48265b4b705cd06d765084f254cb088cefbdd4
- SHA256
  
  0f60e086a4cf0a293a52d601635c3899802817c03192f4cd61f7198f8b6bf58a
- SHA512
  
  4c19e02d85b6fda1ff66e827028e8f0dc55147a5f5fed1de238bc6fa8488965e138c1d611c3b6b3b607258a5395e8bef38b231bde254cd6f2bff995b90e9f497
- SSDEEP
  
  6144:qtkEoAM4iYQqA4PwYXXwRV4GmTH9dcMf6QFoYJZwYX:aPwYXXwRV4PBFoLYX
Score

10^/10

evasion
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2