572ad5a3823600f48e9bee01a39f0822ce8f13f24b33808e6d9abaa4c6f3249c | Triage

Submit
Reports

Overview

overview

8

Static

static

3

OlivedPro-....2.exe

windows7-x64

1

OlivedPro-....2.exe

windows10-2004-x64

8

Sharing

General

Target

OlivedPro-web-windows-amd64-v0.15.2.zip
Size

60.4MB
Sample

240709-hxlktsthmd
MD5

34e65bda4b69f4bee966d2920e7c0482
SHA1

94cd2b5f05f9425239ed150b6d0aa10d85364a62
SHA256

572ad5a3823600f48e9bee01a39f0822ce8f13f24b33808e6d9abaa4c6f3249c
SHA512

04a336e1d9d2c5713940873ad589572e2f0ccb493197a14edf07d5e88cb489b95c36247e780a779af59ce8b42de98b10016c9f942fa8b5d61f5a4ed469b09eb8
SSDEEP

1572864:COEnC6tXwR+wlVJZwN5mDAhMBdWIIiQ4WVWYIu9lpWa:ACKXwVvIiBdWItghpWa

Score

8^/10

discovery persistence privilege_escalation

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

OlivedPro-web-windows-amd64-v0.15.2.exe

Resource

win7-20240704-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

OlivedPro-web-windows-amd64-v0.15.2.exe

Resource

win10v2004-20240704-en

discovery persistence privilege_escalation

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  OlivedPro-web-windows-amd64-v0.15.2.exe
- Size
  
  130.3MB
- MD5
  
  93ff2b8577bc051d888853dbf445cf99
- SHA1
  
  ce8ad743c0384e2cb12f75de4c94c158b5d51689
- SHA256
  
  1e9f36427da1eb1289e5f60086dd715cb43b2af4e38a1c49dc14e362da848a92
- SHA512
  
  5527f981c8cc2ed44a7bf1d9bc42e590031deeb8cc5f3e074e64724ced3ccb384f2dc93f31f107769239e972665c60a3ebe828c93646913ee3c12663ce0733ed
- SSDEEP
  
  1572864:7mtHTcnc/GgDCsOCxaMtwFTmgLEX4VsjxtOZwdcYS/aEHBt6w5Hnflkg+rkVRJsu:Coc/HaWc
Score

8^/10

discovery persistence privilege_escalation
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Image File Execution Options Injection

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Image File Execution Options Injection

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistenceprivilege_escalation

© 2018-2024

Terms | Privacy