General
-
Target
Downloads.7z
-
Size
25.2MB
-
Sample
240626-1lvy8sybql
-
MD5
38d8194d58005b4f05e462a5071e856e
-
SHA1
9f360bc3a31b2b297f1ea61204cca2eeac1dd591
-
SHA256
41e34fc76fd43a06cc56b223578beed100702dc5090285093f7d3fb1b61fe729
-
SHA512
dcc6cadb3bc4840128694f181c120c1ecd470374cfaffa39494a06bc845e2b06e24c90be64b2872931cf9de8235ed6d9c28b569a62f8d6420db056bbfa708b04
-
SSDEEP
786432:6ueeCyWnItwHhMoJd8UChYSu/Dnr0CgkrU5EhGGNB:6OZWnIiHa/PuPla5EhGGX
Static task
static1
Behavioral task
behavioral1
Sample
main.py
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
main.py
Resource
win10v2004-20240611-en
Behavioral task
behavioral3
Sample
python-3.12.4-amd64.exe
Resource
win7-20240611-en
Behavioral task
behavioral4
Sample
python-3.12.4-amd64.exe
Resource
win10v2004-20240611-en
Malware Config
Targets
-
-
Target
main.py
-
Size
857B
-
MD5
b5a2a4002a544f362640e5515ac5b33c
-
SHA1
395dd9b9d6d9698b8e88897f4c68c21d76b2ae67
-
SHA256
483136dd4c00841ea0091676acf194a97ffc37ed4cb9774c68c30842da55e4eb
-
SHA512
5dfe9ae5f77d3c4d730e7b37cd0e62bdb652ccc72e30452762c12a370828cae9aa5101c0348fbdf479e3456151e7fdcfe874c749d8410a03d9ad3920d56fc6ee
Score3/10 -
-
-
Target
python-3.12.4-amd64.exe
-
Size
25.5MB
-
MD5
f3df1be26cc7cbd8252ab5632b62d740
-
SHA1
3b1f54802b4cb8c02d1eb78fc79f95f91e8e49e4
-
SHA256
da5809df5cb05200b3a528a186f39b7d6186376ce051b0a393f1ddf67c995258
-
SHA512
2f9a11ffae6d9f1ed76bf816f28812fcba71f87080b0c92e52bfccb46243118c5803a7e25dd78003ca7d66501bfcdce8ff7c691c63c0038b0d409ca3842dcc89
-
SSDEEP
786432:zRd0l0X/46+nq1rcVqA5Z2bQcLsv0GlYrJF55e2nRk:L5P46+q1QTILMKB5e2nRk
Score6/10-
Adds Run key to start application
-
Blocklisted process makes network request
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Component Object Model Hijacking
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Component Object Model Hijacking
1