General
  Target: Towers (Paid).exe
  Size: 20.1MB
  Sample: 240619-arm8gazemb
  MD5: 78f2167ffc65737f93605ed6004e5f38
  SHA1: d6ec25ee83c8e0e0aa1a97fd7949ad60e24b2e1b
  SHA256: 34d8469a325db034742a082299caef8a82f2e0e18e6988fdaf15efea34f9ef6f
  SHA512: a1f345b9cd1ff6d2c0897a05d865935c7f0322b1704532c373d2a84982420021d2000679d66e47d364dfdfb8e6a4136093c9e42713886d0906857b3b5b4f45dc
  SSDEEP: 393216:1zEYPh8EL2Vmd6mI/m3pyc/eEJ4mbYV4aR5heV2BUp/Io3c8m0HK:OIyVmdSKyuh4yY/eVAoMQHK
Behavioral task: behavioral1
  Sample: Towers (Paid).exe
  Resource: win7-20240419-en

Behavioral task: behavioral2
  Sample: Towers (Paid).exe
  Resource: win10v2004-20240508-en
Malware Config

Targets
  Target: Towers (Paid).exe
  Size: 20.1MB
  (MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
  Score: 10/10

  Signatures:
  - Modifies visibility of hidden/system files in Explorer
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Looks up external IP address via web service
    Uses a legitimate IP lookup service to find the infected system's external IP.
  - Drops file in System32 directory
MITRE ATT&CK Enterprise v15 (number in parentheses = matching signatures)
  Persistence
    Boot or Logon Autostart Execution (1)
      Registry Run Keys / Startup Folder (1)
    Scheduled Task/Job (1)
      Scheduled Task (1)
  Privilege Escalation
    Boot or Logon Autostart Execution (1)
      Registry Run Keys / Startup Folder (1)
    Scheduled Task/Job (1)
      Scheduled Task (1)
  Defense Evasion
    Hide Artifacts (1)
      Hidden Files and Directories (1)
    Modify Registry (2)