653cfd27b7e988561a5b7af281fc8e0e60285e26a60467b4dcef70590327f728 | Triage

Sharing

General

Target

TeamSyncBotnet.zip
Size

1011KB
Sample

240812-l8994s1akc
MD5

2a27a138d8a1f1a34d4149427b69d785
SHA1

35a9941c175222d9704970e931b6760142d4eeda
SHA256

653cfd27b7e988561a5b7af281fc8e0e60285e26a60467b4dcef70590327f728
SHA512

c98b7903b302c21c8777abe0521ae79682c7da4531fddfece4d8aeeb11f418ed136bde579e7a0ff89da66d140e0f953eb4779e13cc64a4edc7a676d299b0811b
SSDEEP

24576:m9MM9cuzAR3RyDlEKu3n81Sfcu91HHu1Mu/L1wzQtYJ:C9BzUhyDldu3nQW9BHgMKL1wzQ+J

Score

8^/10

discovery execution persistence

Malware Config

Targets

- Target
  
  TeamSyncBotnet.zip
- Size
  
  1011KB
- MD5
  
  2a27a138d8a1f1a34d4149427b69d785
- SHA1
  
  35a9941c175222d9704970e931b6760142d4eeda
- SHA256
  
  653cfd27b7e988561a5b7af281fc8e0e60285e26a60467b4dcef70590327f728
- SHA512
  
  c98b7903b302c21c8777abe0521ae79682c7da4531fddfece4d8aeeb11f418ed136bde579e7a0ff89da66d140e0f953eb4779e13cc64a4edc7a676d299b0811b
- SSDEEP
  
  24576:m9MM9cuzAR3RyDlEKu3n81Sfcu91HHu1Mu/L1wzQtYJ:C9BzUhyDldu3nQW9BHgMKL1wzQ+J
Score

8^/10

discovery execution persistence
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Adds Run key to start application
  persistence
behavioral1
- Target
  
  Botnet/Botnet.bat
- Size
  
  1.8MB
- MD5
  
  40b83f775740cabe66634fa2c365cc20
- SHA1
  
  9c4ad5d8e0376c743f96468093b8656ca2d84d4a
- SHA256
  
  038b8a10585b6b8e81454d978fe4aabb22b28ea93a17b7b14aeaef66d3efac2c
- SHA512
  
  5025429e59af940fca37ada795b925dccbb23bf7e35169bc95b20cc77be828a288621c8a0f184cf481eed1ee5bee473089c6d5b88728148e9f310cf69b7cd5a2
- SSDEEP
  
  24576:2WZ5oeL8NVRVM+VjRl+H4bZBkhWlacFz66eFcI6mBevOnFOZqd9NnVPpWkX+C0kZ:2H3Rzghw7+6UrgvOFUeUdqb0q
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecutionpersistence

behavioral2