1d0dff8786d281f7c930ec91e9efd2f03b010bc49b08211b8fc56ca4a6dd22d1 | Triage

Sharing

General

Target

OpenVPN-2.6.9-I001-amd64.zip
Size

4.1MB
Sample

240320-xcw86agg3s
MD5

2fb575683a87dacadb774e454e2de01a
SHA1

3ffcad1cb36e9226f29b07ba3018870079867ba3
SHA256

1d0dff8786d281f7c930ec91e9efd2f03b010bc49b08211b8fc56ca4a6dd22d1
SHA512

be82bfa5f4554628955ff22d7dc3c46289283d861f18cb507725566132d5b64d37240b662b0f80c9c9e61be185b1a4dd2578382dd8b5cd4a97ed849c987d74c1
SSDEEP

98304:m6YZLCJQRuKz0VeUFzAP/wR+ORDkkmXLesT5vBIN/24dMa5694:oLBUCcesAns7Rwkeyso1562

Score

7^/10

discovery motw phishing

Malware Config

Targets

- Target
  
  OpenVPN.exe
- Size
  
  801KB
- MD5
  
  41dcc29d7eaba7b84fd54323394712af
- SHA1
  
  ddc0100723cc2dc9ae8b02a0cb7fe4a86c02d54b
- SHA256
  
  a909bef708a47ae428fedbc566132c56f15ae7511dc460cf22055ec1a72d485a
- SHA512
  
  5a3e8c1eda558e0b90470d752490bc4d04610f93e453cbfd9013a363cfdf5e607974d526c49efe2ef0440e241d775b66bd7c48c74ee9e8677a37cdedc30c42ee
- SSDEEP
  
  6144:xmbuKA33X1rgMuu+xdaXkW+zF6m8XZPELSrPzA:x6XA33X1rTuuyrVZ6m8XGH
Score

7^/10

discovery motw phishing
- Modifies file permissions
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Mark of the Web detected: This indicates that the page was originally saved or cloned.
  phishing motw
behavioral1 behavioral2
- Target
  
  libcrypto-1_1-x64.dll
- Size
  
  4.2MB
- MD5
  
  73ec39ec810c866be4f7393b751df61f
- SHA1
  
  5b7851beeafabb79d4bac78b02e6ab9447193bcb
- SHA256
  
  764a39a5533d4d34656154c80fc20a2bcab3e93901d00f158db335f30f5d0239
- SHA512
  
  b99d86e9ebad49cbf13e29f3a6cef0e5366bfb4658246282c50a78cbc79e4d00bd63d57044f922ddf6eb80fdf8b6593336572c8036977bbd6a17468ae9b28b7f
- SSDEEP
  
  98304:Bsaj8qr2b4ETnwhvGPS2tDQOiFLe+ft7n27D24dW2H6911CPwDv3uFfJ8k:Bsag284uwFQjtUO6S+4rH6D1CPwDv3un
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral3 behavioral4
- Target
  
  vcruntime140.dll
- Size
  
  94KB
- MD5
  
  5797d2a762227f35cdd581ec648693a8
- SHA1
  
  e587b804db5e95833cbd2229af54c755ee0393b9
- SHA256
  
  c51c64dfb7c445ecf0001f69c27e13299ddcfba0780efa72b866a7487b7491c7
- SHA512
  
  5c4de4f65c0338f9a63b853db356175cae15c2ddc6b727f473726d69ee0d07545ac64b313c380548211216ea667caf32c5a0fd86f7abe75fc60086822bc4c92e
- SSDEEP
  
  1536:yOHL+4KsAzAfadZw+1Hcx8uIYNU5U9H0Q8ecbjt1lLN:yOr/Z+jPYNV9H0Q8ecbjt1j
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverymotwphishing

behavioral3

behavioral4

behavioral5

behavioral6