General
-
Target
Downloads.7z
-
Size
25.2MB
-
Sample
240626-1p8z9sydmq
-
MD5
6e2feef5f1b9ac7b067c50457fc9d41e
-
SHA1
a0e02eb105c1f4e27aafcff03231614e18717cd4
-
SHA256
68a7155ac2ad3a0464625945cde44f577fc17dc6b5f70344b16a7ec1f2892042
-
SHA512
6ebe48ee853afb7344cb0418b7d4bfd707d05debe9aa4331b6b688d75507d8593ec9348b2e5f45116581238517ca36aa8601bfa40ce7b8ce20ffc328a903d30c
-
SSDEEP
786432:WueeCyWnItwHhMoJd8UChYSu/Dnr0CgkrU5EhGGN0:WOZWnIiHa/PuPla5EhGGW
Static task
static1
Behavioral task
behavioral1
Sample
python-3.12.4-amd64.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
python-3.12.4-amd64.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
python-3.12.4-amd64.exe
-
Size
25.5MB
-
MD5
f3df1be26cc7cbd8252ab5632b62d740
-
SHA1
3b1f54802b4cb8c02d1eb78fc79f95f91e8e49e4
-
SHA256
da5809df5cb05200b3a528a186f39b7d6186376ce051b0a393f1ddf67c995258
-
SHA512
2f9a11ffae6d9f1ed76bf816f28812fcba71f87080b0c92e52bfccb46243118c5803a7e25dd78003ca7d66501bfcdce8ff7c691c63c0038b0d409ca3842dcc89
-
SSDEEP
786432:zRd0l0X/46+nq1rcVqA5Z2bQcLsv0GlYrJF55e2nRk:L5P46+q1QTILMKB5e2nRk
Score6/10-
Adds Run key to start application
-
Blocklisted process makes network request
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Component Object Model Hijacking
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Component Object Model Hijacking
1