General

  • Target

    Polar-Sniffer-main.zip

  • Size

    13.4MB

  • Sample

    240528-tgd2labb4t

  • MD5

    40d35be09487257aa9615ab90a5be417

  • SHA1

    7d8b374e58c06f515a89b875f1ed8d448f46a474

  • SHA256

    478b1bf95029cfae44ecb43ebd3fc08e93599076910da1978324a23a0b3b4f50

  • SHA512

    bd1a4d4ad87cd6f9e4aa41a1b229bd877f92010bb789c9a7ab046dd98a41c48b70b9e0d0b2a96d248bce385c83bfa373f2993c56eb7aa175aabecf52ea073921

  • SSDEEP

    393216:pmKF4aF7XMj5G0dNjCuGCmAcjHo7Keh8Oj+GfYf8RQcTo+D:rF4aF7XM9GyjC5CyHo7nh0f8RQcs+D

Malware Config

Targets

    • Target

      Polar-Sniffer-main/install prerequisites.bat

    • Size

      65B

    • MD5

      2a9672c12b5fac0657f9ef15146392f1

    • SHA1

      e94c72ffa5c60881126e27b69f0625298bc5fa58

    • SHA256

      9fa37a13e3749ce641e918cbc220ac978dc2954e125a2de9a40db077fa8ec361

    • SHA512

      89b8a24d07cdd3c68c677ad708b51c8c09dd5faa0936d0dee31867697054647babf65540e8ebeee379db40093d36dba350b559fac1f2106226f9422b6c2d1962

    • Score

      1/10

    • Target

      Polar-Sniffer-main/polarsniffer.exe

    • Size

      13.6MB

    • MD5

      857edb9d3eed9b094bf5be89b7743ae4

    • SHA1

      88bd467ea89b3a89847d8af0990dacd0da7393e5

    • SHA256

      f2c888faa76e863cbe7ecb932d25a4e23c672892ef30b55d65b84499a4a819fe

    • SHA512

      a3c540c1023006a962564864845be7e5ed04b7596e12c99d4c31e87bca0083522eb9ae61cfd28376967dbdf8a8ebf717ae8a6ca51a2b3dff58d6bea9efb5ed84

    • SSDEEP

      393216:Tx00vW+eGQRIMTozGxu8C0ibfEau5qW80hoA/gJq6fwk5gRfE:Tx00vW+e5R5oztZ0x5qW80h2Zfwk5g9E

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v13)

    Tactic                Technique                            Count  ID
    --------------------  -----------------------------------  -----  ---------
    Persistence           Boot or Logon Autostart Execution    1      T1547
    Persistence           Registry Run Keys / Startup Folder   1      T1547.001
    Privilege Escalation  Boot or Logon Autostart Execution    1      T1547
    Privilege Escalation  Registry Run Keys / Startup Folder   1      T1547.001
    Defense Evasion       Modify Registry                      1      T1112
    Discovery             Query Registry                       5      T1012
    Discovery             Peripheral Device Discovery          1      T1120
    Discovery             System Information Discovery         4      T1082
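The behaviour signatures listed for polarsniffer.exe and the cells of the ATT&CK matrix are linked by simple rules: one observed registry or file event matches a signature, and each signature maps to one or more techniques (a single Run key write, for example, lands in Persistence, Privilege Escalation and Defense Evasion at once). The following is an added example, not code from the report or from the sandbox that produced it, showing that mapping for the three registry and drive signatures described above. The event field layout, the rule set and the sample events are assumptions constructed for illustration; the technique IDs T1547.001, T1112, T1012 and T1120 are the ones the matrix lists.

```python
"""Map sandbox-style registry/file events to behaviour signatures and
ATT&CK techniques.

Added example (not part of the original report or of the Polar-Sniffer
project). The event tuples in SAMPLE_EVENTS are constructed to resemble
what a sandbox would log for the behaviours described in the report;
they are not taken from the real run.
"""
import re
from collections import Counter, namedtuple

# One rule = signature name as the report words it, the technique IDs the
# matrix lists for it, the API operations that count, and a path pattern.
Rule = namedtuple("Rule", "signature techniques ops pattern")

RULES = [
    # A value written directly under ...\CurrentVersion\Run (not RunOnce).
    Rule("Adds Run key to start application",
         ("T1547.001", "T1112"),
         {"RegSetValue"},
         re.compile(r"^HK(LM|CU)\\Software\\Microsoft\\Windows\\CurrentVersion"
                    r"\\Run\\[^\\]+$", re.I)),
    # Any read of the Uninstall hive (32- or 64-bit view) or its subkeys.
    Rule("Checks installed software on the system",
         ("T1012",),
         {"RegOpenKey", "RegEnumKey", "RegQueryValue"},
         re.compile(r"^HK(LM|CU)\\Software\\(Wow6432Node\\)?Microsoft\\Windows"
                    r"\\CurrentVersion\\Uninstall(\\|$)", re.I)),
    # Root path of a drive other than the default C: drive.
    Rule("Enumerates connected drives",
         ("T1120",),
         {"CreateFile", "GetVolumeInformation"},
         re.compile(r"^[A-BD-Z]:\\$", re.I)),
]

# Constructed events: (API operation, registry key or file path).
SAMPLE_EVENTS = [
    ("RegSetValue",   r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\polarsniffer"),
    ("RegOpenKey",    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall"),
    ("RegEnumKey",    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0001}"),
    ("RegOpenKey",    r"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall"),
    ("CreateFile",    "D:\\"),
    ("CreateFile",    "E:\\"),
    ("CreateFile",    "C:\\"),                         # default drive: must not count
    ("CreateFile",    r"C:\Users\Public\polarsniffer.exe"),
    ("RegQueryValue", r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProductName"),
]


def classify(op, path):
    """Return (signature, techniques) for the first rule an event matches, else None."""
    for rule in RULES:
        if op in rule.ops and rule.pattern.match(path):
            return rule.signature, rule.techniques
    return None


def summarise(events):
    """Tally signature hits and per-technique counts over a list of events.

    One event can increment several techniques, which is why a single Run
    key write shows up in more than one matrix cell.
    """
    signatures, techniques = Counter(), Counter()
    for op, path in events:
        hit = classify(op, path)
        if hit is None:
            continue
        signature, ids = hit
        signatures[signature] += 1
        for technique in ids:
            techniques[technique] += 1
    return signatures, techniques


if __name__ == "__main__":
    sigs, techs = summarise(SAMPLE_EVENTS)
    for name, n in sigs.items():
        print(f"{n}  {name}")
    for tid, n in sorted(techs.items()):
        print(f"{tid}: {n}")
```

Unmatched events (the C:\ root, the dropped-file path, the ProductName read) are deliberately left untallied: the point is that a signature fires only on the specific key or path the report describes, so a rule that matched any CreateFile on a drive root, or any registry read, would overcount. Counts in a real report such as the "5" beside Query Registry therefore depend on the sandbox's own rule set and cannot be reproduced from this sketch.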