ea717e5576dbd3052c3429470ad4f3bc9bae374d4b9cc7d1c0e68055ec810543 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

Screenshot...50.png

windows10-2004-x64

8

Resubmissions

11-08-2024 18:50

240811-xg9eaasfln 8

11-08-2024 18:41

240811-xb31bawgma 8

11-08-2024 18:41

240811-xbw7rsscqp 1

11-08-2024 18:38

240811-w93xjasbrn 3

11-08-2024 18:17

240811-ww3plsvhra 6

11-08-2024 18:16

240811-wwlq4avhpb 1

11-08-2024 18:15

240811-wv93as1ejl 1

11-08-2024 17:52

240811-wf7cvszgmp 10

Sharing

General

Target

Screenshot 2024-08-06 212650.png
Size

302KB
Sample

240811-xg9eaasfln
MD5

8215cf98ee78db9c15eb03c1d565f6f9
SHA1

03020983659e6d6c61631de0bfdec9a965ec5155
SHA256

ea717e5576dbd3052c3429470ad4f3bc9bae374d4b9cc7d1c0e68055ec810543
SHA512

8e16cdb25bd785bf11608fb983125f71394da0091fa9769ee8504194d0626fca1b66e08245ba6d52af1e498bc16635fcdaedf1dd6b4a77cf9a53d4cd5278a28e
SSDEEP

6144:Rl53DXhOKICpEkz40IFGtwyYCzGpvgrUz9iYdwYIsQ1IxxeTMuG:RlxXgKI2xzdqG1ZTrURnuRsdxxe8

Score

8^/10

discovery motw phishing

Static task

static1

Behavioral task

behavioral1

Sample

Screenshot 2024-08-06 212650.png

Resource

win10v2004-20240802-en

discovery motw phishing

windows10-2004-x64

27 signatures

300 seconds

Malware Config

Targets

- Target
  
  Screenshot 2024-08-06 212650.png
- Size
  
  302KB
- MD5
  
  8215cf98ee78db9c15eb03c1d565f6f9
- SHA1
  
  03020983659e6d6c61631de0bfdec9a965ec5155
- SHA256
  
  ea717e5576dbd3052c3429470ad4f3bc9bae374d4b9cc7d1c0e68055ec810543
- SHA512
  
  8e16cdb25bd785bf11608fb983125f71394da0091fa9769ee8504194d0626fca1b66e08245ba6d52af1e498bc16635fcdaedf1dd6b4a77cf9a53d4cd5278a28e
- SSDEEP
  
  6144:Rl53DXhOKICpEkz40IFGtwyYCzGpvgrUz9iYdwYIsQ1IxxeTMuG:RlxXgKI2xzdqG1ZTrURnuRsdxxe8
Score

8^/10

discovery motw phishing
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Mark of the Web detected: This indicates that the page was originally saved or cloned.
  phishing motw
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoverymotwphishing

© 2018-2024

Terms | Privacy