ec601c36feeee576997eef1353981acd1f1f33506fb997afee602f1d90b2e3df | Triage

Sharing

General

Target

Vision_loader_fnhack.zip
Size

260KB
Sample

240811-ymvzhsveqr
MD5

1bc4b34f565ef45d6d16c01b430ce2d6
SHA1

d4261020edcf4b71a5b261fddb3a859c352f94e2
SHA256

ec601c36feeee576997eef1353981acd1f1f33506fb997afee602f1d90b2e3df
SHA512

b29714353bfc4d4c60b3bea036ce15a756b91c4f4d273a605e53018afee07d337049cd715a8fa89da00b23c4942dcd38aed15bfed6f9cd07786e98adc903b667
SSDEEP

6144:FeW2kFFwavtnSX3v33W6yXw0EVUqcL8aXSbExY:FeWRLpvpSnvMFdqcL1zxY

Score

8^/10

discovery execution persistence

Malware Config

Targets

- Target
  
  coolscriptcrossbowprediction.lua
- Size
  
  49KB
- MD5
  
  dbf8a506e45e63fd2a48b5020e0fa26c
- SHA1
  
  847d09f21f33d28c724dd6a1eca7a2c5b6ed2ac7
- SHA256
  
  87825a501f466154853f7aa493c63dab4080508df274b3ee690246860c28c3f1
- SHA512
  
  7b793d3a6afe7a46fc561628b800bb47e5191a5880ebf9c648f50353409b0142bc4ea622ba07a68bf877da9b043991c44c66f91edb750fabf6fddb1bd70d3d21
- SSDEEP
  
  768:54FbMJilbsBzVixDFMphFKdlFTQ5H61V9udjOImi2QdyyCXRny4kBU23/nhNy5/n:FinMfQU9yykKBU23/nhNy5yHX1LRMXT
Score

3^/10

execution
behavioral1
- Target
  
  loader_fn_hack.exe
- Size
  
  494KB
- MD5
  
  1b11a579205b36e3fa3329d55ef443b2
- SHA1
  
  12d26104afcc17dd36bddf8f3943ea8ec71bc15e
- SHA256
  
  2e5be386b1b5ae75d64c467ff361c0c1c8a694d920e270af70860f3d1b7d20b2
- SHA512
  
  4645864fea6c7e33214ccc73fee314968f880af7e24886ee9c5c15bca625a2b8a54608b5754b4b7d634a423983b90db1fce82e70a6fd318431fd24d92da85536
- SSDEEP
  
  6144:lK2VfGFeQ0yf1va8qwba/DN26nUEHSRurs6ZU18HvrDR6encr3U/OUDDXaRNEv7B:tUfURlnzyRqXHHUeniADvXaMvU5o
Score

8^/10

discovery persistence
- Drops file in Drivers directory
- Sets service image path in registry
  persistence
- Executes dropped EXE
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence