f8d5089388f4a0d26f4e3db0c7159bb35ee53a1bc7884c8e856467c9bc8d5193 | Triage

Sharing

General

Target

01-06-2024_YKK69exTwLdFPLp.rar
Size

29KB
Sample

240601-xdjdpabe5s
MD5

f5d75f0a47bb91ee4671a5a06b725bd1
SHA1

509697e1cd8a414d29357c3f60d59e23129aaf79
SHA256

f8d5089388f4a0d26f4e3db0c7159bb35ee53a1bc7884c8e856467c9bc8d5193
SHA512

931b1a07be91e659c285e8d108508ea30ff4a57e46187119d4130011ed63b73a57e0ab16da54c5bbb1e575901100ce7d5d237b9b87ad4e7ecf537c2fd614ae8e
SSDEEP

768:09zHrnWv0hEBwLzm8X4erAZOpmBAl7meg6:09zHrg0eozB4zZmmBAl7meg6

Score

8^/10

discovery

Malware Config

Targets

- Target
  
  01-06-2024_YKK69exTwLdFPLp/TFGhost v3.1_CHEATER.FUN/TFGhost/CHEATER.FUN.url
- Size
  
  46B
- MD5
  
  ff08f90a8c84c9a07e3a9f99225852a2
- SHA1
  
  bef8efaac1e01dafd8951f7ceca3adcc2152eab2
- SHA256
  
  016e97e28f1b9dc53eec83bff19b249682dbc695f40840261c1f0f42b08f3c32
- SHA512
  
  475bc83262577b2adc705150555af298fe60f85468d0b210202c43a6b1f7ccf7aed3c7a0aaa154caf12e655035ad94ea17ed00eae05aed948e312d8289c30144
Score

8^/10

discovery
- Downloads MZ/PE file
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1
- Target
  
  01-06-2024_YKK69exTwLdFPLp/TFGhost v3.1_CHEATER.FUN/TFGhost/DirtyBypassInjector.exe
- Size
  
  84KB
- MD5
  
  b533a099b777db857b48d70f0f9c434c
- SHA1
  
  8453053bbc6e7ba16f126c03b7da7c7788e2b779
- SHA256
  
  15aec7b2ff74d269eee685db011ff582698af4f3b6fd78a6074aa587749106a6
- SHA512
  
  b4102fe027d6e1c3d27a71506a5da1da54e69f717776ad5d8d972bca88c3ad29f1d0aad15f499b67a54162d7323e789156867427bd70892e46842277a47ab167
- SSDEEP
  
  1536:+u6+fbSs6z3bKW3WwSI3WUyImOiVnbmCBnuqxqAboVYkT9ZDAB3AYON1Pvk:Res6zrp3ZVmOiVncqxqAsVY09ZDBNVk
Score

1^/10
behavioral2
- Target
  
  01-06-2024_YKK69exTwLdFPLp/TFGhost v3.1_CHEATER.FUN/TFGhost/TFGhost.exe
- Size
  
  34KB
- MD5
  
  325d0acf415ade24e210efef826c6a4d
- SHA1
  
  af575d7379513da73a194e126d1d551870b6afee
- SHA256
  
  68de806ea6a97297b775bdef67fcf689d6e003d50de8fcd7778bdcdd53de408b
- SHA512
  
  74800e5a5c974d05192bc48f9fcd42cf2c90967ead4601941e72663fb291145b1b6d3724542c5b210e7ffc55d37af906fb35a6a5d6fc337961ac23d780c69bce
- SSDEEP
  
  768:nIqx0PJRlNhSP0098VDLyAgrO5fbRHUqhzabldoaR39fkA:6PJ7NhSP009gLx8eHUnt
Score

1^/10
behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3