061c630a9036efc0e9c77b447346c8d626f7cc48b79919e1f9ae1ef66a38a89d | Triage

Sharing

General

Target

Pooke.rar
Size

148KB
Sample

240601-lymfashc7t
MD5

b67d5c1d1e4c7950d4341b222c6c5453
SHA1

daef15677c530064c8373825279e93707de5bd13
SHA256

061c630a9036efc0e9c77b447346c8d626f7cc48b79919e1f9ae1ef66a38a89d
SHA512

a22b79003fff6b6a8f7402e855082b97c03f810a3acd13aab93e27f2aad9c419ab2481b359a843ad3cca7310f3431b290519800cb1632636ee364a73f0908ab6
SSDEEP

3072:JiK7rSFct+BuRLFqFyhfK8C/Ozb+5LnM1nEgF08p:0K7WqsBu3Pzb+ZO1p

Score

8^/10

discovery evasion

Malware Config

Targets

- Target
  
  Pooke.rar
- Size
  
  148KB
- MD5
  
  b67d5c1d1e4c7950d4341b222c6c5453
- SHA1
  
  daef15677c530064c8373825279e93707de5bd13
- SHA256
  
  061c630a9036efc0e9c77b447346c8d626f7cc48b79919e1f9ae1ef66a38a89d
- SHA512
  
  a22b79003fff6b6a8f7402e855082b97c03f810a3acd13aab93e27f2aad9c419ab2481b359a843ad3cca7310f3431b290519800cb1632636ee364a73f0908ab6
- SSDEEP
  
  3072:JiK7rSFct+BuRLFqFyhfK8C/Ozb+5LnM1nEgF08p:0K7WqsBu3Pzb+ZO1p
Score

3^/10
behavioral1
- Target
  
  Pooke/Pooke/Cookin The OOPS.exe
- Size
  
  349KB
- MD5
  
  fb8bb2f17c0146f470b2709efafbefa0
- SHA1
  
  25d242382f10216de7eca27d85fc19d5958bafc8
- SHA256
  
  d1465690b1f7c20fae2fa7fa61a7183f12a6dbc22c04a4df20eecc0375f04acf
- SHA512
  
  7257f7a559caec91d35b0cc67ff31cedbdb0ae507ef8ac651d15036310101eb445587933e4db637242fbaaaceefc6fabbf288df0a58c84ea5d1ea5379cce6bd6
- SSDEEP
  
  6144:ChekwSk8q2+TK5UCTKDI13ZyUk790RQesFJu+KAbO6ADUjG:5v9TK5UCWDQ5k790NsFpFAAa
Score

8^/10

discovery evasion
- Downloads MZ/PE file
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
behavioral2
- Target
  
  Pooke/Pooke/INSTRUCTIONS.txt
- Size
  
  829B
- MD5
  
  0b747cc3abc9fc97cebb1255d0d234f9
- SHA1
  
  02a7d05261aab8f928fa15cee51e51ead0b14e65
- SHA256
  
  c35df1419892aa96ee4982dadf81f350593c96a37e2ba3c67d22985029cf15f1
- SHA512
  
  7665d45b09bab8c9b2b9b23fd2f34cbf25a34349f0bf814920e38fec78a3f96fa9ed680e475bb960fc636198563fe1b5ad05cc28c06a4933b13633d8479d9ee5
Score

3^/10
behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryevasion

behavioral3