12c8a9ab93649f8c75399b6b96f4c54e7454cd0eaa25090dc53c223788c85222 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

AimmyV2.1.5.zip
Size

51.5MB
Sample

240525-z1rdxsae7z
MD5

5f253f81377176b9091ae669acd1451c
SHA1

ac69f0836b4f07292f026abd64097c48bee33139
SHA256

12c8a9ab93649f8c75399b6b96f4c54e7454cd0eaa25090dc53c223788c85222
SHA512

ffeb2afa63515d1fbd3d39bb45bfa61ca5f63c858cbf9dcce091e7a97bf5e4791736a6398e483a8c804aea76502214160a53bc0d7b072c437b3a54abd29ae385
SSDEEP

1572864:RZ72Vgh57ip1mJxRBrnEyZINZs0Jb2IGLvKEMRj4:njL78EVzEmmJb2IGzKEf

Score

7^/10

Malware Config

Targets

- Target
  
  AimmyLauncher.exe
- Size
  
  161KB
- MD5
  
  1b61edaed8b5543cd875d3d22a219947
- SHA1
  
  45d0ded1b50b37063f3a0f328d56f676ccb0e519
- SHA256
  
  f9b275cef715b35cd5357b881bf2e62a22a6ea01a46f917cd2c072cdd2b3a18c
- SHA512
  
  668b3ee30fa7b2dd4a8e368f8b8eaae387f0641b2f874984e398a11141f520102568520f4fe27b6cd370b0b927f809073f9080092a413086e6f37a06de785a7b
- SSDEEP
  
  3072:BKta93TRDiicws0MWbs2OJiKF/ODxT5CyV9u2jNI8m5:B2wX7bJ39uyNJI
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2
- Target
  
  DirectML.dll
- Size
  
  13.4MB
- MD5
  
  7982ce756c6e8c8f6bab62eb1902b714
- SHA1
  
  80f79ef136a8b4866bc7be1669584361b9a0ab23
- SHA256
  
  5ab77cc5db8e1544d386fd28586598317da8dcbef098fb86d8d8a60e739e0e5d
- SHA512
  
  71f9b4d30d41a28de009ddfbe6c9328a905dba6bb83623e14e252a255b641b88307c51754d509bed608a44882c5bfb9502bd1a533162a13d78d45c10140ed2e1
- SSDEEP
  
  98304:h4wQAqtHLRf+ZUSlVtwXgGN0gBl5NZsggKnHvibc0PMkFA9q068ZrS+O9mblF8G:mwzq5RGJlViXNHJsgXc/P1m9q0HNJuG
Score

1^/10
behavioral3 behavioral4
- Target
  
  TotallyNotAimmyV2.dll
- Size
  
  6.9MB
- MD5
  
  a95cacbb2a6540d97b99c5df61cb5196
- SHA1
  
  3949201761754ba240d846b36474f1ca2caebb9a
- SHA256
  
  147c739bfecbe74fc1b8e30dfc68b99214160aef76e1b42a360d3a1641b81f91
- SHA512
  
  5e080f7e7ec8159471b95766433c3239b93ed7259a5ecb3bc122621c7e589a322c08be19fbbb2b16329325286348fcde67b1432e33d6e0822972ca4d88eb554d
- SSDEEP
  
  98304:YHFl2w8cuNdWqX/ItGhbIC8LKVBBRHnZs3gP8i+FbiQZfrkE2N10PHRed9jqjHRl:88cuzd4H2VBBRHsfkUfH2kIkdmt5Ti1
Score

1^/10
behavioral5 behavioral6
- Target
  
  TotallyNotAimmyV2.exe
- Size
  
  139KB
- MD5
  
  3d729e9b4df34ddb7ddafe78a01b71eb
- SHA1
  
  2f01d3349288f33a5e50c1d779b27ea65f753249
- SHA256
  
  b48997a06687cbe6dadae5ab45884feadd5921f5fe6f79df810c492557669406
- SHA512
  
  bb476a263e2f29628801826c4f5869424133f26921262a98d399240cc6701519ad7337875adb2fa37f7dec122ec832195d0ea6216022646f61fc735528be5875
- SSDEEP
  
  3072:ZiS4omp03WQthI/US3BZC0EiRQ1G78IVn2tbSkcJB8ltt:ZiS4ompBUS3BZC0C1G78IVEcnct
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8