311e4cc88e9034bbb5c758f11333e67c72ff0ed8d84557a3205a4d86bedd4e95 | Triage

Sharing

General

Target

Abyss.exe
Size

15.9MB
Sample

240712-qcaxlavclk
MD5

0ba5fcce81cf9d8972499c1afae20c80
SHA1

b1d471f3350d70e2825e21904edd8315e642097d
SHA256

311e4cc88e9034bbb5c758f11333e67c72ff0ed8d84557a3205a4d86bedd4e95
SHA512

f41b0f7dc97c609863e747bfb303419a1da03b8b3ce8adf22c74da9132d5d04f4d5fa4bfdf52d90f8a0dcf9d99ae870c5270f9f6b0abe771a7d369300a425f3b
SSDEEP

393216:8mc4gP8AxYDX1+TtIiFGMiP1gZY9Z8D8CclzEJ0oO:834bX71QtIWiP2a8DZcJT

Score

8^/10

execution pyinstaller

Malware Config

Targets

- Target
  
  Abyss.exe
- Size
  
  15.9MB
- MD5
  
  0ba5fcce81cf9d8972499c1afae20c80
- SHA1
  
  b1d471f3350d70e2825e21904edd8315e642097d
- SHA256
  
  311e4cc88e9034bbb5c758f11333e67c72ff0ed8d84557a3205a4d86bedd4e95
- SHA512
  
  f41b0f7dc97c609863e747bfb303419a1da03b8b3ce8adf22c74da9132d5d04f4d5fa4bfdf52d90f8a0dcf9d99ae870c5270f9f6b0abe771a7d369300a425f3b
- SSDEEP
  
  393216:8mc4gP8AxYDX1+TtIiFGMiP1gZY9Z8D8CclzEJ0oO:834bX71QtIWiP2a8DZcJT
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to get system information as a root user.
  execution
- Loads dropped DLL
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2