General
Target: no_pass_virus.zip
Size: 36.5MB
Sample: 240528-v92tsseh34
MD5: c3567a4f1b6fb3f24402f1e615ff2958
SHA1: 00a80986fe48ce872bbc2bd110e6c6b7e70396af
SHA256: 8cfa451af9b3468c84c8d68cbcd571ef98ab1010cb3cb8d8a22f84886863d087
SHA512: 411c89d776c5cfd71ea78160a12ea58c893ea7cd799744b6142ef12528bd387c7ad1184d831f8c36d9070a7ea5613a8d7b7b005b961b4fd958cd77de02364126
SSDEEP: 786432:s2S+ExB+0Gfo7hMawv53dYceB1i9XXlF1FgRQPDiQSnK+2OAamA4l9Prej9:sv+Epb1xCddYEPIGPGQx+2OChreZ
Static task: static1
Behavioral task: behavioral1
Sample: no_pass_virus.zip
Resource: win10-20240404-en
Malware Config
Extracted: https://opensun.monster/25053.bs64
Targets
Target: no_pass_virus.zip (36.5MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 10/10
- Blocklisted process makes network request
- Drops file in Drivers directory
- Sets service image path in registry
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Checks system information in the registry: system information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
Defense Evasion
- Modify Registry (2)
- Subvert Trust Controls (1): Install Root Certificate (1)