General
-
Target
tif.exe
-
Size
603KB
-
Sample
240303-ajm8haae8y
-
MD5
889a8de7e88cbb32398b4219d7145de5
-
SHA1
446b7ec32dcbdde510722be67edd8f355e32bf7b
-
SHA256
28fe7130c142722ff8b32f513ad98ef67d0f728f6a94b3cde432706c8c0cd264
-
SHA512
2b4a05459995d32a60353ccf616d7e1a80e2843fb323998bf53e4b67d8d48076ee363bb7c0ff4f50f2198818d0847058c0c00e1ee536fb3654cab737c10414da
-
SSDEEP
12288:0ctEagGmcl4gBF1BRnI6hAVebOe1o6Nga8FM7OMLczPifSLshw0/uKXkIIMYuFkZ:VR+cl7X1BRnI6hmebOe1n7mMlLczPikB
Static task
static1
Behavioral task
behavioral1
Sample
tif.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
tif.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
tif.exe
-
Score
8/10
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Modifies file permissions
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1