d4edaa6438dadc7c0b82655a5fe3054ddcf2932f55a177a0f08919484f930796 | Triage

Sharing

General

Target

Nova Launcher V2.exe
Size

121KB
Sample

240704-f12ecawflk
MD5

11f6b755147b4ca6b441620c0ac39268
SHA1

c93ca611430e685572cbdd7b762633a91b0671ad
SHA256

d4edaa6438dadc7c0b82655a5fe3054ddcf2932f55a177a0f08919484f930796
SHA512

5465d1e5df7a0e34bab7c997a777b86ea447a3519ab993e65216b9dae54e6285ae50b953979736a87b748520ef502a3c6e513b0f4bcdf864addb9247caa1562b
SSDEEP

3072:paPSy6sZ7z/N7kvRS6s5nTsz4IwqJOSIHbBFiMa:tyXrNcNs5nTsyHHb6M

Score

8^/10

execution persistence

Malware Config

Targets

- Target
  
  Nova Launcher V2.exe
- Size
  
  121KB
- MD5
  
  11f6b755147b4ca6b441620c0ac39268
- SHA1
  
  c93ca611430e685572cbdd7b762633a91b0671ad
- SHA256
  
  d4edaa6438dadc7c0b82655a5fe3054ddcf2932f55a177a0f08919484f930796
- SHA512
  
  5465d1e5df7a0e34bab7c997a777b86ea447a3519ab993e65216b9dae54e6285ae50b953979736a87b748520ef502a3c6e513b0f4bcdf864addb9247caa1562b
- SSDEEP
  
  3072:paPSy6sZ7z/N7kvRS6s5nTsz4IwqJOSIHbBFiMa:tyXrNcNs5nTsyHHb6M
Score

8^/10

execution persistence
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

executionpersistence