909a3de501b8a60aa852003d29389c444da302d6add765c9131e04f0d69ca6d9 | Triage

Sharing

General

Target

8be090cc-f326-434b-aff0-5bd0f08b1941.zip
Size

2.9MB
Sample

240611-r3xpqa1ang
MD5

2b385df952bfb1d358cadefa8b8e4b69
SHA1

13cf5cb5947925b512162780bcaa13a2dc79755d
SHA256

909a3de501b8a60aa852003d29389c444da302d6add765c9131e04f0d69ca6d9
SHA512

adcbd7cc4e091ca933e269baeed9b2c316247c4f04a354b17a985a20c6ec3918994d9f96beb636d90a9c4148e93bb8d9edd00a4355966784557518acfcdfb444
SSDEEP

49152:SEzU72yfYEKmCcM2xbZgaExHXD6E6HERW6pMLO6R0vFDlcAsXpkd+6jTlKeyIcy:3IRAErC12xbZBYHXD0k/MmVlcx2YFy

Score

6^/10

execution persistence

Malware Config

Targets

- Target
  
  PDFTool-v3.2.1233.0_49726896.msi
- Size
  
  5.0MB
- MD5
  
  615be873a5ff5041d9d376f1b28b0695
- SHA1
  
  1cb3dfca3a92af9e6beab6c38ee47dc32203f5c2
- SHA256
  
  0dbc1c15cefbcd850388cc9a31b690cc1254b9e724f9cd8cd9165e775df48307
- SHA512
  
  8917d6787772c751b4aa876dfdc66975fcd8b10705fca38f5f266c06b5000ae2f5050fb2a0dbc0942cb4d3153f616a3f7ddee8ad48a05065d61a3770f6b94842
- SSDEEP
  
  98304:AVHYDgFZyclJ6PcGJfEa24Njxk6HgDxR0GStY:UNZyIc39NxbQUY
Score

6^/10

execution persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

executionpersistence