92018b5c001d6632cf884a5d4c034153532d75061f9b850d0c0ec689a4514644 | Triage

Sharing

General

Target

eos.zip
Size

1.3MB
Sample

240822-syzh7avbmg
MD5

1fe099075645b73c9f0f695403f78ec8
SHA1

1e8b133aff30fbb968585c8fcbff35e90dd6b380
SHA256

92018b5c001d6632cf884a5d4c034153532d75061f9b850d0c0ec689a4514644
SHA512

4f392e03661996c87cbccd5d32aa39afa789a630e8c2cd06c74d5f8717a08bbe0b818574e1d4e3283af50ac504f72260f1c1cee26ec7d4af532a5f4cd068bbc8
SSDEEP

24576:HZREQtiqtDeKrEFONyDLw7p9csuaB3jNnf0d5yi5xbO6CUmCZH9fA:/EiiieKwfL6ug3jKdfcC/4

Score

8^/10

execution persistence

Malware Config

Targets

- Target
  
  eos.exe
- Size
  
  1.3MB
- MD5
  
  7970fe4633bf67a0009b8483298ff96a
- SHA1
  
  394dc56e7ccff1794e9e916122292e3500bd22c0
- SHA256
  
  16e17ac6fc0b81c9b2e23f32ab9b9cac14c4d13c7e59d536a9f116ec708c0d43
- SHA512
  
  525824ae0358a865ac3eb27c308ee571b416badd277e39083987b4f55987bf94c1fe86426eea9487c05ef15cb8cb313c949a774f5eadc9a87f8a6884362bf4a1
- SSDEEP
  
  24576:YBoV7D8fOcophmUWP3bGPniCbRoz9v5ytm8WcFVIG40YEX6shaShecooFWsy:DV38GfyrGP9E9wshoIG4yX6swtc+
Score

8^/10

execution persistence
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

executionpersistence