General
Target: TangoGen.rar
Size: 39.6MB
Sample: 240510-3m7ersgd9v
MD5: b58c32edcd7f6a0dde017e53b366734e
SHA1: f8d849e656e7e558531bc50f9bd21ff5ed3ba0bc
SHA256: d276f07b8b4bbae22e9a6d132575e592379ffa926dd799edc8af90b7c32469cc
SHA512: f8735f6255d91a5b995c9ce649081c7168192e1ffdc530b3f7437d8814499d7169b548f019fc699546aa948f0a1c6645b9bce011f8f36d077f13c2561ee4a43e
SSDEEP: 786432:KPHWHQPy/YHd36kucu8MrAoX+BFPdE0A9hC9OsHSUejej5siFGxUEOOEDolF6:6WHs36kuzPrnoED6OsHSUejG5siFuUMW
Static task: static1
Behavioral task: behavioral1
  Sample: TangoGen.rar
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: TangoGen.rar
  Resource: win10v2004-20240508-en
Malware Config
Targets
Target: TangoGen.rar
Score: 8/10
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Creates new service(s)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Execution
  Command and Scripting Interpreter (1)
    PowerShell (1)
  System Services (2)
    Service Execution (2)
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (2)
    Windows Service (2)