Overview

overview

8

Static

static

3

MWIII_IRIS....5.exe

windows10-2004-x64

8

Resubmissions

09-07-2024 18:56

240709-xltjmazbqn 9

09-07-2024 16:59

240709-vhlcqstgpm 9

09-07-2024 14:31

240709-rvwsfsybnk 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    MWIII_IRIS_AIO_V3.5.exe

  • Size

    10.9MB

  • Sample

    240709-rvwsfsybnk

  • MD5

    dc43693ef7c1e53d46b0da91191597db

  • SHA1

    aef31787fe96864a8ae38793d4974fc254cddf50

  • SHA256

    be6c7b0c87bdb9426bbbab27b7574d3bcd435126b8130bbd2c2ce516e077e4e8

  • SHA512

    d5190aa5c30e941908560709917ea59dc6400f4ba1bbf2aa15c4abaa08d62cc1f7aa4cd154dbea9c537ddc513005ec1b25146a2d7b8951da14cac2542861fb26

  • SSDEEP

    196608:Or9iC3AAslutR6k0SxVCypmKEqEOdoFldQ+6XVizae1haPXM3dkIftIia9tkfc:+9ikAAsUvl0aH2qbdoLPae1hIc3TtIiu

Score
8/10
evasionexecutionpersistence

Malware Config

Targets

    • Target

      MWIII_IRIS_AIO_V3.5.exe

    • Size

      10.9MB

    • MD5

      dc43693ef7c1e53d46b0da91191597db

    • SHA1

      aef31787fe96864a8ae38793d4974fc254cddf50

    • SHA256

      be6c7b0c87bdb9426bbbab27b7574d3bcd435126b8130bbd2c2ce516e077e4e8

    • SHA512

      d5190aa5c30e941908560709917ea59dc6400f4ba1bbf2aa15c4abaa08d62cc1f7aa4cd154dbea9c537ddc513005ec1b25146a2d7b8951da14cac2542861fb26

    • SSDEEP

      196608:Or9iC3AAslutR6k0SxVCypmKEqEOdoFldQ+6XVizae1haPXM3dkIftIia9tkfc:+9ikAAsUvl0aH2qbdoLPae1hIc3TtIiu

    Score
    8/10
    evasionexecutionpersistence

    • Creates new service(s)

      persistenceexecution

    • Downloads MZ/PE file

    • Stops running service(s)

      evasionexecution

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks