285600cafa0475b557b8f722dcc4628b7e7780a593c69fec0954046a45272ee8 | Triage

Sharing

General

Target

TestRat.02.APP.zip
Size

91KB
Sample

240722-vh84ssxerc
MD5

4c92ac3b6123d6510273d7894067eefe
SHA1

7723acd7093b7422cb8b074d0091f99afd4f32ed
SHA256

285600cafa0475b557b8f722dcc4628b7e7780a593c69fec0954046a45272ee8
SHA512

65c097000464ea02341a849125a786daf5e1a2ab12464b5a03af9ea23807796cd3c42ca8c862522bc4a8f0b881d54c27af75b30ba21153705feaf65b6bece3c3
SSDEEP

1536:Z8yFhEizoLNrYHPepeOOayzavjOgPRHwwi21HwiuYhF3NKu:ZZFW4zvepek7PRji25w5Yhiu

Score

10^/10

execution

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://github.com/Daulaires/Daulaires/releases/download/Lester/Demo.zip

Targets

- Target
  
  TestRat.02.APP.dll
- Size
  
  23KB
- MD5
  
  b59778e44a2f95b038cb3482834dcc5e
- SHA1
  
  42a34e81d0759d99277c1d52f79000854361f829
- SHA256
  
  e74306f114ac629c7fb15bfcd512829743899f2793be9e48407382df6f29187e
- SHA512
  
  fd317aabed56b4e9efdc60ae9f19a505adc3fe394559cc9f7fa7bbae17b0fea28097e5993d9096d64df79fa00bc9adba3d5d798f1c3ef89052bd0ba6c5e46fd6
- SSDEEP
  
  384:25HGXComOhEroBdNR17IMTRVag6uhob5Ef87bo50P1IFVpqNb54M3KYJ7Oi+/:QSComOhEWdNAV5d7bJUS73tqD
Score

1^/10
behavioral1 behavioral2
- Target
  
  TestRat.02.APP.exe
- Size
  
  139KB
- MD5
  
  6d75b31bfa691bdf32c0c9331c8b7ff7
- SHA1
  
  5387d89075eb924adca7318add02c0bca8812a9e
- SHA256
  
  fb1e3c46ce349e7ae853621f708fe0bfa08e142b6f6262dc9ab6f8e03cb5380f
- SHA512
  
  ca08fd9ed2543ff13167f57e27fe4fbb6a395161e25902b7c9ec562034f6cb9aa24f2a32c04341b5ac29c49bd683393856742bd0f400e2c0cc660760ab2b7b83
- SSDEEP
  
  3072:CAi4pxpEHmAdx4/kyHRZa0YiRAl278IVn2JbS1cJA8lW7:CAi4pxpRkyHRZa0Gl278IVNc2cW
Score

10^/10

execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops file in System32 directory
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4