de02d7822ae6eed0166289527528640683c3011a74d181c8f9dcf84adc3289e5 | Triage

Resubmissions

19-08-2024 16:28

240819-tyxv2avalc 10

19-08-2024 16:27

240819-tygh2sxhpk 10

Sharing

General

Target

TropicalBypasser.exe
Size

145KB
Sample

240819-tyxv2avalc
MD5

95f5058c852a269c21e732787d0b8f0d
SHA1

ce09b819d27ce21a420fa71d3b49fe123cd5f67d
SHA256

de02d7822ae6eed0166289527528640683c3011a74d181c8f9dcf84adc3289e5
SHA512

9ca2b383964df818e254472ee255ef882bcca287287e77d2271c47655846f1767f7867565832478a24c7ca57d0221ec0929f022d29242b82a6036abd74179c71
SSDEEP

3072:UVqoCl/YgjxEufVU0TbTyDDalQzacacacacacacacacacacacacacacacacacacR:UsLqdufVUNDa6

Score

10^/10

discovery evasion persistence

Malware Config

Targets

- Target
  
  TropicalBypasser.exe
- Size
  
  145KB
- MD5
  
  95f5058c852a269c21e732787d0b8f0d
- SHA1
  
  ce09b819d27ce21a420fa71d3b49fe123cd5f67d
- SHA256
  
  de02d7822ae6eed0166289527528640683c3011a74d181c8f9dcf84adc3289e5
- SHA512
  
  9ca2b383964df818e254472ee255ef882bcca287287e77d2271c47655846f1767f7867565832478a24c7ca57d0221ec0929f022d29242b82a6036abd74179c71
- SSDEEP
  
  3072:UVqoCl/YgjxEufVU0TbTyDDalQzacacacacacacacacacacacacacacacacacacR:UsLqdufVUNDa6
Score

10^/10

discovery evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistence