Overview

overview

10

Static

static

10

Release/Server.exe

windows10-2004-x64

10

Resubmissions

26-07-2024 05:05

240726-frc1ds1drf 10

25-07-2024 07:20

240725-h567hayclf 10

24-07-2024 14:30

240724-rvd8ea1akj 10

24-07-2024 13:56

240724-q83bqasdqb 10

23-07-2024 11:06

240723-m7t26stbmr 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Release.rar

  • Size

    33.6MB

  • Sample

    240725-h567hayclf

  • MD5

    8f8b7b49cb9e5d8ca07edee103c4afd1

  • SHA1

    4327f538b6d8ac05ab2f7ab8637a6734830db3da

  • SHA256

    1ce8df74c00786b111839785779d8d1f00fa9aada5ca27b16c650533a6ab88b5

  • SHA512

    e11336c94a2a21be8cddb4daa48d410719b365846198e09940a6bb06db2bf5a363c60e78566af69c15a953c908f6f4eb975a5f9183109fb28131d5aa8be12203

  • SSDEEP

    786432:yTJDjA+wSMijxzmELz3osAUCPKXvNa1kG6D/wmGa:yTBjVJ7z3owCP0vNaaG6ua

Score
10/10
asyncratxmrigdiscoveryminerpersistenceprivilege_escalationpyinstallerrat

Malware Config

Targets

    • Target

      Release/Server.exe

    • Size

      1.0MB

    • MD5

      97fdf675692906714405d7e9bd6a9c61

    • SHA1

      f388a87852ca61122f2563b9919625d33c7efe78

    • SHA256

      dd3c72966f70692309714ec42461021fef21c26ad33b1b43e3232186b632a44b

    • SHA512

      06f371bbec435746a876bb8127979c46fb1a21949c7f2b1f0e7edd4895382c5018113d52cf86485fa8d269f5c4b597c2739519db11b78bb7574638272ebf925c

    • SSDEEP

      24576:UcBAVQOcXu65lmmomlEkmmsEnE7E7E7EUmemmmmmmIDmeQaKM:USAVQTXuElmmomSkmmtEQQQUmemmmmmL

    Score
    10/10
    discoverypersistenceprivilege_escalation

    • Modifies WinLogon for persistence

      persistence

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

      persistenceprivilege_escalation

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Event Triggered Execution

1
T1546

AppInit DLLs

1
T1546.010

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Event Triggered Execution

1
T1546

AppInit DLLs

1
T1546.010

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks