d314979381670be394531a78835a56e5e5894aa7aa43da36d86fcda97db2567b | Triage

Resubmissions

09/03/2024, 00:10

240309-agetcabb6y 8

09/03/2024, 00:06

240309-adr99sac64 8

Sharing

General

Target

amass-2-0.zip
Size

181.3MB
Sample

240309-adr99sac64
MD5

a98dbc5c65a573f475c1c1cb6465ab19
SHA1

96529d1d7731cfbceb7b03e0aec0ea15709bde67
SHA256

d314979381670be394531a78835a56e5e5894aa7aa43da36d86fcda97db2567b
SHA512

8f45941b7c469630a6f774fa3c9553a8ec03543f63d70b5313925285ee3b8b5193d01f6169031855c4cfa5991758bb3426794a5ad907aaeb7d0815adcc07dfb0
SSDEEP

3145728:RDPeZ4/wkQt3w4f2L3oI7Nko59nEy5XR9qCVUT+35LLg9cmssXNpDtgX8UZuQdoh:Sc2Df20It59Eyn9LVUT65XgiQNkJ90px

Score

8^/10

upx

Malware Config

Targets

- Target
  
  AMASS 2.0/AMASS/InstallationNotes.rtf
- Size
  
  143KB
- MD5
  
  e285f50f5f50c628c78f265ee55882e9
- SHA1
  
  ef95ce1fc10fa2323e7deaf79e2989394e86ab72
- SHA256
  
  b1c4bfe4dc1f547152e19f5815528ca721beb00a244f4f2e3dd1095c611d2312
- SHA512
  
  8a86d3d53d1af12466979c28b14bd008d1a701127ec2a8ccbb036be14f014630791e1286b6dbaa1a8dcf002c3d612bcfaa1792c7cfe7278e2636fac96d71ca5a
- SSDEEP
  
  3072:VQNXmAmyFtlZ6yjKp2U9MUXeNnj3ipaKg5V8FU:ymA7lZ699MU5FU
Score

4^/10
behavioral1 behavioral2
- Target
  
  AMASS 2.0/AMASS/ReleaseNotes.rtf
- Size
  
  174KB
- MD5
  
  276d96b2fe669e30b1483999e9f0c2d1
- SHA1
  
  bd3e6ad6616c33884a8f733684299c8174c0ecf8
- SHA256
  
  d4631f260ede90faa3b709c7256ac503b603f45bbd1447aea3cc01c62f2d03e2
- SHA512
  
  74790b950398fbd3ecb81d44991fe573353b0f22eda6167401cddd873fa73bc5ef2b2fa692a4f7f27646c3cfa033ffcffa9ac3e8c25bc4252b9c58778e98ec5c
- SSDEEP
  
  1536:lEtAZdGdioeLroRL1Y24ISBuht9u/1pIg3cCLjc8an/QyG:l7ZdGdioeL52UBulu/znjc8an/Y
Score

4^/10
behavioral3 behavioral4
- Target
  
  AMASS 2.0/AMASS/setup.exe
- Size
  
  140.6MB
- MD5
  
  0d8889f0d96f1564f8b990a297e48d1b
- SHA1
  
  40d540ada5a734c711ddc8e1967816041dcc60d8
- SHA256
  
  94c303148b663e9b069a4254d3a5d858bd14f173e0366053a1c0a076b49a1bf9
- SHA512
  
  71caa952272355f290293edd571a3cea4d76f7c29efee5c17ceba8f68c30f2540b2b56835859b3856b5affb6f1b9fedf734c86f454c006f0edfda9c72625a123
- SSDEEP
  
  3145728:eRFAvw1IEslZM6FCb9ymhlU8JxRiQtppxCAbWxeTbBJyVcAG09vvF34lMsZl:DiSFFCEmVJxcQRxdbWxGb7yakvyxl
Score

6^/10
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral5 behavioral6
- Target
  
  AMASS 2.0/LicenseManager/LicenseManagerSetup.exe
- Size
  
  40.8MB
- MD5
  
  0b8af7b445e5eecf1674e198dcf422c6
- SHA1
  
  d8c0025cf41f2e313b6382001a45594e65896cd4
- SHA256
  
  c5e754131691a1362d9f28ba77e6ab2aec76b3834796c54a63b44d2a66916774
- SHA512
  
  d47617f496a7864260e94aacc7ff0c1b95b3ecb22981e09409da2bc4433a61a3ecb097053589fe58abc66eeb3c07f6f7b8d22f68aed5b2c5a94ecdc4fd1283da
- SSDEEP
  
  786432:ZIxZMrefY33o5l6QHaiWdWL22938+uNqMkyH1pK1oHEgBN:YiegHo5psdWx8+uNnH1p2opN
Score

8^/10

upx
- Drops file in Drivers directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral7 behavioral8
- Target
  
  AMASS 2.0/Virus Scan Declaration.pdf
- Size
  
  242KB
- MD5
  
  ab4037f271966d157b1c272940ed02ae
- SHA1
  
  3646da51690e301eee407ff32bdb5946d85512ef
- SHA256
  
  24349720d24448b85b3ce7ccef38dc51c641a4bb51ab08eee0ba77d5399b2e4d
- SHA512
  
  5619ecad9cf6723631d3be9ad94a904244aa994b1372e10f0f8fdb4dffa864ee733fc8f2af68cee15dfdaf518d407459fe752ba1f5e40eec9d24b8d83566332e
- SSDEEP
  
  6144:ALsF0EAMYcPjMK/PA5iASu++71pQh8YvPMDTit22QGm9t:A4FFDPoIP0nSu++bWv0DWU2K
Score

1^/10
behavioral10 behavioral9
- Target
  
  AMASS 2.0/msvbvm60.dll
- Size
  
  1.4MB
- MD5
  
  ad7489fa133a4bbc001c2a71c9da35b6
- SHA1
  
  39fa3075d9c71fb91bb2636e61bfd86183b5a624
- SHA256
  
  9755222ae17995bb3f85c252ec386079716477ee26a2f707951c7131137c38ef
- SHA512
  
  b67a0a0b4a8e04abc216d04ca57a58e115821a6d172ddff2a25b9fad702bb9479b5dcb48f8ce6a7c87995495ab47e1b3e6ce928cecf22659b8471dbf65f5d054
- SSDEEP
  
  24576:OTWpz0NS6ShiAl2C+pToAxafJ6QhT/3ZJ5tfzkIpL8X+PW3OD/nVG3y6Uv7L7M0:OTWpoI6ShiAglpBGJjRpL8XWW3OD/Vzn
Score

1^/10
behavioral11 behavioral12
- Target
  
  AMASS 2.0/setup.exe
- Size
  
  2.6MB
- MD5
  
  f60f16734c6032efdb614b1cd8de7a00
- SHA1
  
  ec3d0f54233acf3bd583b3d1d89fde62c025bd0b
- SHA256
  
  26825915608783e7034d7cf12db64d4c78f70eac44c7351abedf843a8b483d8a
- SHA512
  
  5d0a017b7c7855676846b2d8df96445dea8943a3871f5aebea1eaf5028035bdb76cd57c5722739bcc9f79946e57dd0b8a946cad90f35bd472da3f87f9a721ce7
- SSDEEP
  
  1536:m1Sr1nt2W6tdC+pkzmzW6kgr8eHvPb5hmmVgZVptECqP6+UqXswm+mZEeD1uqpib:mAOSyJXZrsSGjC
Score

1^/10
behavioral13 behavioral14

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14