ce7d6fdbe43eff57bb876aadb602875245e9ef0853a4cee990e90b56e46c8f70 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

run.sh

windows10-2004-x64

8

Resubmissions

29-05-2024 15:20

240529-sq294sba95 8

29-05-2024 15:16

240529-snretsba43 8

29-05-2024 13:42

240529-qzqxbsha92 3

29-05-2024 13:41

240529-qzjs1sgb8w 1

29-05-2024 13:41

240529-qzc1gagb7w 1

29-05-2024 13:40

240529-qytltsgb5y 1

29-05-2024 13:37

240529-qwx68sga9z 8

Sharing

General

Target

magiskForMEmu.zip
Size

2KB
Sample

240529-sq294sba95
MD5

ec3ebb5f39a5956156f425406486076a
SHA1

ae3d95179216e01f716a4d52036e523f53b2186d
SHA256

ce7d6fdbe43eff57bb876aadb602875245e9ef0853a4cee990e90b56e46c8f70
SHA512

a14a45cfd277e6c05f346b1467dc1873cb32318f9a9ad1c893d2038a46c89cafae6398a7f36e367f3200bf11c7680f35a2ec05a9fcf09d7d500568f84f7090ac

Score

8^/10

execution persistence

Static task

static1

Behavioral task

behavioral1

Sample

run.sh

Resource

win10v2004-20240508-en

execution persistence

windows10-2004-x64

25 signatures

300 seconds

Malware Config

Targets

- Target
  
  run.sh
- Size
  
  6KB
- MD5
  
  a19ea6e0b80c0ea089a45a5df67d5135
- SHA1
  
  1f3c7988f72994c5a5e6cd016b6873110462190d
- SHA256
  
  24306ec71a02ecfcec3aff9dafa69e94e202c03cd116003f36d7bdd2f5922849
- SHA512
  
  0c4f25b1876864f7b245e4de53b5012da1696eb7277b19c27f42474f094cb4951afa1a7c4d38b9b348505e3325aa4c1adb5bdb729ff19254ff78a9c86b058418
- SSDEEP
  
  192:1A1MIPVGKsSJBHWBYqX78scQa9xS/+TtD4z:1cMIPVGJSJBHWBYqXqs/MtEz
Score

8^/10

execution persistence
- Creates new service(s)
  persistence execution
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

executionpersistence

© 2018-2024

Terms | Privacy