26a9f1460d39efc3c1a55187e119982da6719692cb83d2c30bf0e6dd8fb70670 | Triage

Sharing

General

Target

F8DA3C48BE96.exe
Size

2.1MB
Sample

240817-z63n5szgjq
MD5

1dbf4a8467163f45008047c43a782be0
SHA1

8d795660e1162ce4ee3ad01eb75e28aa72a3357b
SHA256

26a9f1460d39efc3c1a55187e119982da6719692cb83d2c30bf0e6dd8fb70670
SHA512

8e0a4b624fba8edce274cbb4b5f47a3ebd40bcbbb56b1d7f579950da787479360ac35b700f728c7ceae9e62e0e16ffdff03b3541eb08a1dc24ad3109b14860a0
SSDEEP

49152:ijCsZVi6Le0QtM8aE2erNQ7QlPC170zGpT37kB6q:ijFHp668TEZkUT66

Score

8^/10

execution

Malware Config

Targets

- Target
  
  F8DA3C48BE96.exe
- Size
  
  2.1MB
- MD5
  
  1dbf4a8467163f45008047c43a782be0
- SHA1
  
  8d795660e1162ce4ee3ad01eb75e28aa72a3357b
- SHA256
  
  26a9f1460d39efc3c1a55187e119982da6719692cb83d2c30bf0e6dd8fb70670
- SHA512
  
  8e0a4b624fba8edce274cbb4b5f47a3ebd40bcbbb56b1d7f579950da787479360ac35b700f728c7ceae9e62e0e16ffdff03b3541eb08a1dc24ad3109b14860a0
- SSDEEP
  
  49152:ijCsZVi6Le0QtM8aE2erNQ7QlPC170zGpT37kB6q:ijFHp668TEZkUT66
Score

8^/10

execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2