78f4accdfe82fceb7a536dc733d0775c8da7d8e0ced61f3f0175254ec3fbc8ef | Triage

Sharing

General

Target

yoitv.zip
Size

37.0MB
Sample

240306-stnwwsca9z
MD5

620cbb74379d12a400f3047816873aba
SHA1

fa590c18bc4668504790dd8259eea64d9b9810bb
SHA256

78f4accdfe82fceb7a536dc733d0775c8da7d8e0ced61f3f0175254ec3fbc8ef
SHA512

1c2570ceb9eb6f371498de43192b0bd1a9094e9a2aa65dcc20270f69b791ad508084fe6b46bf42b651a0e3f0b756c07d6b2dbe71aefbc31872a70ac7f56a0918
SSDEEP

786432:hIJoNHK1Gcejs7cRSR6HsEI2gtRvf1r1ry8Lx7/wIqYdWd8Kr21wI:h9WGcerSc42gfv9r1btqYdWd8r

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  YOITV1.0.0.2/YoiTV_1.0.0.2.apk.apk
- Size
  
  6.7MB
- MD5
  
  612c8f4c909e21038977d088943c9eaf
- SHA1
  
  952a9bd78cf077bc3a2e1b8b13c62d1b6b02b578
- SHA256
  
  2fdce4a457d63edeb966a1e1836dce6d1846fdc4746f5e0e988f8fb3ddc5b655
- SHA512
  
  b357b5347ec89b93e4dfa1ff18eeb2850a44257eebbfe9d001cfa4ab9cd380d77dabdf734bc58362da8dec8f65fb9466bb2314ce009266b969dd24cef64b5fe9
- SSDEEP
  
  196608:IIAOsdqcMC8Qo/ADNyETuBlyPzSYglz7DelJR3facLp:Rsdq8o/6yE0MPeYglz3ezRva6p
Score

3^/10
behavioral1
- Target
  
  YOITV1.0.0.2/YoiTV_1.0.0.2.dmg.dmg
- Size
  
  16.0MB
- MD5
  
  4e95ccf4ac3f90736cf5d66b62c11916
- SHA1
  
  1a19a7001a948d708d0f225cf9f404b98a45f434
- SHA256
  
  03d81e22ac376fbc188a8f227002c312d9dfa4021adb10a32d29f4c855181fe6
- SHA512
  
  0d0bd000c93a5428d00ab6c709f12c1b463ab841df123cfc2106116380b8f45f7ed41e2dbd991da386965d90d48fe5f95630c0623849a6fb6df55c1405d5ec39
- SSDEEP
  
  393216:Ap2o4qWTjvlHAOTcSWSBYXRmKpQOswAQvN4e9BrRBETC2by:22tqOHAbSWzEn5wAQFB9tIny
Score

3^/10
behavioral2
- Target
  
  YoiTV/YoiTV.app/Contents/MacOS/YoiTV
- Size
  
  16.3MB
- MD5
  
  4f3814b8b0914469c7aa4e7989d945da
- SHA1
  
  4fa6ca9461c7e2a1537464f0a4b156046d3d7962
- SHA256
  
  9c5c9eab80791f223a59bdd9711cfa81d6670efb9b1709a3c9b39a3ac7818222
- SHA512
  
  5cc49a59cf472ea9297dec28676ab6e8b5d2ca2604c878e7a0c6657ae597092916f6b819c85f11783f908452fb416f78a230bceaafade29cf327e6a87b0127c4
- SSDEEP
  
  98304:4OvS1fxpjbgFTfV8LwKFAgXb/8Y0ke1ehqTUXa7j9I8JHejlSHLz01Sb/kvCEyE/:fpmVAUXafEfSbjEyEIjnxeHY4Ejz3yF
Score

1^/10
behavioral3
- Target
  
  YOITV1.0.0.2/YoiTV_1.0.0.2.exe.exe
- Size
  
  15.0MB
- MD5
  
  d08dfa10f3350ef2b9baa3121bcf6097
- SHA1
  
  8c8ea94c1f95ae6c37829fcb092d6e3ccb9d81d4
- SHA256
  
  abd3bee9a5a3461c6beb58ab34f7068833c520620ff82702fde14fc5d5ffe770
- SHA512
  
  327037167cf08d03383cc42b884b79b6b14ca1f4968aa8bc99bbb17c1f174471a012a485da00fb1d31400d863b5e1e222ba1390d81eb98138cb8bdcc1e5bd6fb
- SSDEEP
  
  393216:wvdNPx+87LDJw2iD2nCAt9MKcoY3cL5bE+/morrJYX7I2HXMo:G+GLXPnCasokKxmErwXMo
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4