1c3a8d10a8c1c82e48adcd16caf91bf1f1c01dfe5a5c840bbdcd6ed4596f1590 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

screenshare-tool.exe

windows10-1703-x64

8

Resubmissions

27/07/2024, 14:31

240727-rvs2katejl 8

27/07/2024, 14:27

240727-rseq6awhld 8

Sharing

Copy URL Twitter E-mail

General

Target

screenshare-tool.exe
Size

558KB
Sample

240727-rvs2katejl
MD5

4aadb1c41224891c6ad25a9ee86da2a0
SHA1

84a632f4585e84f5316c2ca41c765b40d462bb48
SHA256

1c3a8d10a8c1c82e48adcd16caf91bf1f1c01dfe5a5c840bbdcd6ed4596f1590
SHA512

ddef07c68eb7fea1863e38b276c33f8a813878d07ccc60a8e67f36f6995f08c066f131d81dbcb82233550e33334a16e35b3b9ff3736af964cade78f1121bf18d
SSDEEP

12288:POdWvo6CzYY8eIP5PDRZMsYPKk7khBLs:vvBCzTXI1DnMlPKk7khB4

Score

8^/10

discovery evasion

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

screenshare-tool.exe

Resource

win10-20240611-en

discovery evasion

windows10-1703-x64

12 signatures

300 seconds

Malware Config

Targets

- Target
  
  screenshare-tool.exe
- Size
  
  558KB
- MD5
  
  4aadb1c41224891c6ad25a9ee86da2a0
- SHA1
  
  84a632f4585e84f5316c2ca41c765b40d462bb48
- SHA256
  
  1c3a8d10a8c1c82e48adcd16caf91bf1f1c01dfe5a5c840bbdcd6ed4596f1590
- SHA512
  
  ddef07c68eb7fea1863e38b276c33f8a813878d07ccc60a8e67f36f6995f08c066f131d81dbcb82233550e33334a16e35b3b9ff3736af964cade78f1121bf18d
- SSDEEP
  
  12288:POdWvo6CzYY8eIP5PDRZMsYPKk7khBLs:vvBCzTXI1DnMlPKk7khB4
Score

8^/10

discovery evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

© 2018-2025

Terms | Privacy