edfc6c84dc47eebd4fae9167e96ff5d9c27f8abaa779ee1deab9c3d964d0de3c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

python-3.12.3-amd64.exe
Size

25.5MB
Sample

240505-fmrmzsfg5y
MD5

c86949710e0471a065db970290819489
SHA1

b1207fba545a75841e2dbca2ad4f17b26414e0c1
SHA256

edfc6c84dc47eebd4fae9167e96ff5d9c27f8abaa779ee1deab9c3d964d0de3c
SHA512

0e19181bc121518b5ef154fecc57a837e73f36143b9cb51114bd3f54056bc09977abc1e4ef145a03344d9ad2b8e49faa483b4ef70e4176af2bc17a8e5a3cd4ac
SSDEEP

786432:QqJaMb8rrFiWxc+HI9gEPYZG07rn7EBFsMEbi:FmrrFiEHHEPYtrFtbi

Score

6^/10

discovery persistence

Malware Config

Targets

- Target
  
  python-3.12.3-amd64.exe
- Size
  
  25.5MB
- MD5
  
  c86949710e0471a065db970290819489
- SHA1
  
  b1207fba545a75841e2dbca2ad4f17b26414e0c1
- SHA256
  
  edfc6c84dc47eebd4fae9167e96ff5d9c27f8abaa779ee1deab9c3d964d0de3c
- SHA512
  
  0e19181bc121518b5ef154fecc57a837e73f36143b9cb51114bd3f54056bc09977abc1e4ef145a03344d9ad2b8e49faa483b4ef70e4176af2bc17a8e5a3cd4ac
- SSDEEP
  
  786432:QqJaMb8rrFiWxc+HI9gEPYZG07rn7EBFsMEbi:FmrrFiEHHEPYtrFtbi
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence