Overview

overview

8

Static

static

1

d.zip

windows11-21h2-x64

Sharing

Copy URL Twitter E-mail

General

  • Target

    d.zip

  • Size

    138B

  • Sample

    240513-jvng3sdd3z

  • MD5

    a5ca5a0ed29e9c1464c2f1adf3a212a2

  • SHA1

    4948e0a2e3332acaa449375805952d0880db260f

  • SHA256

    fd217a77917977628f1c2aa6ed733aeb66377f53a5300a0951f93970294120c8

  • SHA512

    d46e062b06d706be81e73649d41477684e515f229d6b066c1a7d7d0132156c2e89a0538458e34b25d81000b3275aa432b22747bc3d0af5aef9e817e9b490a316

Score
8/10
discoverypersistence

Malware Config

Targets

    • Target

      d.zip

    • Size

      138B

    • MD5

      a5ca5a0ed29e9c1464c2f1adf3a212a2

    • SHA1

      4948e0a2e3332acaa449375805952d0880db260f

    • SHA256

      fd217a77917977628f1c2aa6ed733aeb66377f53a5300a0951f93970294120c8

    • SHA512

      d46e062b06d706be81e73649d41477684e515f229d6b066c1a7d7d0132156c2e89a0538458e34b25d81000b3275aa432b22747bc3d0af5aef9e817e9b490a316

    Score
    8/10
    discoverypersistence

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Declares services with permission to bind to the system

    • Legitimate hosting services abused for malware hosting/C2

    • Requests dangerous framework permissions

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks