General
Target: SpySheriff.zip
Size: 1.3MB
Sample: 240524-1n2jsscc8s
MD5: 5ec70a62b7fa20507ab4b70c3389bb37
SHA1: 68ee641337d66b3d6c31dd7f0729afbf2bbdc069
SHA256: d16dddc1e9ad69c5ef67afd93eb801c74ca5b95ec8b46741786c8c8ec47b1b1d
SHA512: 0a11577e6ca68124741cf9d3f9357839cd28e83b60a074b06065a962102c14401ecd7035042b9197263ca42626b14e18356d4d413fb2217f52cfe93009cb56e8
SSDEEP: 24576:VNgDMZ96GXyY03689pDhw0Ifxpa+7FLzMrn7a7gIWAxZjD9YenhEdNxA1P:7c05yY2vDhAraskS7p/NY2KA1P
Behavioral task
behavioral1
Sample: SpySheriff.zip
Resource: win7-20240508-en
Malware Config
Targets
Target: SpySheriff.zip (1.3MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
Score: 1/10
Target: SpySheriff.exe
Size: 403KB
MD5: c899f93e8b753fedd068ef3fe2edb0fd
SHA1: 144b1f18d0e307d14937c21ca1d7cbfc91828a10
SHA256: 5c2a85fb56de2e0a1a1d260ef2177e0209477586c8a6740494bbaf40a9785f47
SHA512: 1aceacb4eba0815322dd3fcd273d8703408362eee3b2d2b5981d2abbe4c2b02852608f46b2e7ce46a50e921871d445c239014b5957c6ba0606bd0334ce7bd41b
SSDEEP: 12288:eBMDMf+ztV53y2k9I68iXDycz+rYIYsVRSHsDr:eS4S53h68eIZjD
Signatures
Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
Modifies system executable filetype association
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Event Triggered Execution (1): Change Default File Association (1)
Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)