a7b311c609b9fbf8539376a4aa7e1c7f881c5f9af2ac1b46b684674c4992b7f8 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

stager.exe

windows10-1703-x64

8

stager.exe

windows10-2004-x64

4

Sharing

General

Target

stager.exe
Size

2.4MB
Sample

240418-wskdvscb9y
MD5

e6c0cadfde8b03d7a37a0c91833ed73c
SHA1

fea0214ee731ce87943b4edfc25dba30fbed2878
SHA256

a7b311c609b9fbf8539376a4aa7e1c7f881c5f9af2ac1b46b684674c4992b7f8
SHA512

72b8d9685ac45edb3cfe5b51608298899ad0c07de87cf87367cca37d2562b1a4722c11a2478825a40e5030f04fcf1d97c3af2008ea5baca6f261df6f16d2ed91
SSDEEP

49152:rNfnwiPJ5sDBjvC4ct0zAAwPy/pTBJv702sb:54QejwK/5BW

Score

8^/10

microsoft persistence phishing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

stager.exe

Resource

win10-20240404-en

microsoft persistence phishing

windows10-1703-x64

28 signatures

150 seconds

Behavioral task

behavioral2

Sample

stager.exe

Resource

win10v2004-20240412-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Targets

- Target
  
  stager.exe
- Size
  
  2.4MB
- MD5
  
  e6c0cadfde8b03d7a37a0c91833ed73c
- SHA1
  
  fea0214ee731ce87943b4edfc25dba30fbed2878
- SHA256
  
  a7b311c609b9fbf8539376a4aa7e1c7f881c5f9af2ac1b46b684674c4992b7f8
- SHA512
  
  72b8d9685ac45edb3cfe5b51608298899ad0c07de87cf87367cca37d2562b1a4722c11a2478825a40e5030f04fcf1d97c3af2008ea5baca6f261df6f16d2ed91
- SSDEEP
  
  49152:rNfnwiPJ5sDBjvC4ct0zAAwPy/pTBJv702sb:54QejwK/5BW
Score

8^/10

microsoft persistence phishing
- Drops file in Drivers directory
- Modifies Installed Components in the registry
  persistence
- Sets service image path in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

microsoftpersistencephishing

behavioral2

© 2018-2024

Terms | Privacy