58d80782c3fb365c3dc4cd812bae64b0a0d3e1d981e11ccb32c7e6219395b90e

Analysis

max time kernel
18s
max time network
19s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
19/04/2024, 09:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ibackupbot_setup.exe
Size

13.9MB
MD5

7e140a4824a2c2e43879fdcba2beb673
SHA1

18d46a304cbc99553d7d39bc4d3c5c08a0d612c9
SHA256

58d80782c3fb365c3dc4cd812bae64b0a0d3e1d981e11ccb32c7e6219395b90e
SHA512

bcf9f594d1387c1fe51fbdf83609b80c5e367be3cbde114e81adfd2a78a06b6db417a9d57f93ef5907084324c38582152c058ad89d966953c827ee964fd2b5a4
SSDEEP

393216:M0uaMGEcTI5K42z8s3XhX8nIcXKKG9SrdGMP6hx:M0Y0IpsUrBrjPkx

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2356	ibackupbot_setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\ibackupbot_setup.exe
"C:\Users\Admin\AppData\Local\Temp\ibackupbot_setup.exe"
1⤵
- Loads dropped DLL
PID:2356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nszB76B.tmp\LangDLL.dll

Filesize
5KB

MD5
ea60c7bd5edd6048601729bd31362c16

SHA1
6e6919d969eb61a141595014395b6c3f44139073

SHA256
4e72c8b4d36f128b25281440e59e39af7ec2080d02e024f35ac413d769d91f39

SHA512
f9dc35220697153bb06e3a06caf645079881cb75aed008dbe5381ecaf3442d5be03500b36bbca8b3d114845fac3d667ddf4063c16bc35d29bbea862930939993

Download Submit