General

  • Target: RAE_2024.zip
  • Size: 39.0MB
  • Sample: 240730-ad1awasbmh
  • MD5: 5d7abfcf8e8398438091750bda9ff31a
  • SHA1: e8b169db60fb4c4564c1e5f19ee59998f6df78f0
  • SHA256: 0fa575b56483b84433329d8d518baffb34d7f825735ef7851b762d83955f1e34
  • SHA512: f998ba2127d6d4cf0538f89c5d5a3a2dbebbd1112f48c292fb151ee91a41176bf70e51eea4114d0bcc625d0ddb57c5d8b8d53f236c94643f75f7db3dd1e009f0
  • SSDEEP: 786432:6BtjjwbEXKJdSYNoDKD88pDZB9wQmTqIIA8GgOwEzN7GUN6bZ5kdj2u5+3n0jeG:YtnwbEaroU8Aw3yGgODZ7sk51+30iG

Malware Config

Targets

    • Target: 1. NET_Framework_4.8.exe
    • Size: 1.4MB
    • MD5: 34a5c76979563918b953e66e0d39c7ef
    • SHA1: 4181398aa1fd5190155ac3a388434e5f7ea0b667
    • SHA256: 0bba3094588c4bfec301939985222a20b340bf03431563dec8b2b4478b06fffa
    • SHA512: 642721c60d52051c7f3434d8710fe3406a7cfe10b2b39e90ea847719ed1697d7c614f2df44ad50412b1df8c98dd78fdc57ca1d047d28c81ac158092e5fb18040
    • SSDEEP: 24576:xGHL3siy910NSmtLvUDSRbm4Jah1rVx8MjoGO8W6cbZtgd6AmpITsz0+lLF7cy:mL3s7K8eTUDBzrVx8MjoGO8W6cbs8NpT

    Score: 7/10

    • Executes dropped EXE
    • Loads dropped DLL

    • Target: 2. VC_redist.exe
    • Size: 13.2MB
    • MD5: 9882a328c8414274555845fa6b542d1e
    • SHA1: ab4a97610b127d68c45311deabfbcd8aa7066f4b
    • SHA256: 510fc8c2112e2bc544fb29a72191eabcc68d3a5a7468d35d7694493bc8593a79
    • SHA512: c08d1aa7e6e6215a0cee2793592b65668066c8c984b26675d2b8c09bc7fee21411cb3c0a905eaee7a48e7a47535fa777de21eeb07c78bca7bf3d7bb17192acf2
    • SSDEEP: 196608:oRjgvJ2flpQcIIS/Rj7BWl+aV8t8z72BxBwBgO42BE6+2DQlMp1sHW5ZDmCCM0Xr:IgRIlptVYmfr7yBG/4pXMHsHW76CsGE

    Score: 4/10

    • Target: 3. RAE_2024.exe
    • Size: 26.1MB
    • MD5: 52ed73c74614cc4309e958406d3a2ef2
    • SHA1: 5b85c1c336d6dc8efc07e430c83194ef2109d747
    • SHA256: d0b4026d7684607ef94ad4ae4cb3666000ba588ca9fe40d210de5519290d1b4d
    • SHA512: f34ea34a2d5b50eb272484ebed9ca1d7bc5df01772f7115b628863172a6012926fb8e93d7845d40d72562d102b6c8572d58bc28992448fc311ed29aa9f20c150
    • SSDEEP: 786432:za1hq2C6sudmKIboommuvFI+pPncLt5+PLM2RqAosPOaeE:4C6Vyoomz9I+i+DhqA12jE

    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application
    • Blocklisted process makes network request
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.
    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.
    • Drops file in System32 directory
    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
  • T1547 Boot or Logon Autostart Execution (1)
    • T1547.001 Registry Run Keys / Startup Folder (1)

Privilege Escalation
  • T1547 Boot or Logon Autostart Execution (1)
    • T1547.001 Registry Run Keys / Startup Folder (1)

Defense Evasion
  • T1112 Modify Registry (1)

Discovery
  • T1614 System Location Discovery (3)
    • T1614.001 System Language Discovery (3)
  • T1012 Query Registry (5)
  • T1082 System Information Discovery (4)
  • T1120 Peripheral Device Discovery (2)

Tasks