07fffac0e7f3c741104397eac2f7ca2f93214e37b062a027698812b0cdb94394 | Triage

Sharing

General

Target

4C2026EA0ABF.exe
Size

3.2MB
Sample

240826-bkr4hsyamj
MD5

64194a3d83301fa3a7560561e7496c16
SHA1

a598a982ee186d4308b9255c3f6c74a41190d52b
SHA256

07fffac0e7f3c741104397eac2f7ca2f93214e37b062a027698812b0cdb94394
SHA512

3c849fa88265b3b7db4f6d260d1bd1523441160cb770ec400b9ca1fdf95473f5347338d141a461fcec375923c70997e20e2c498b8c6fb7d36c8300bd3fbc40b2
SSDEEP

49152:HuVp4qNT3qn+hVjHiDsf+lQSxlE8/ff1WZhrphnEj63Qfvmcz3hU7YPIeYrmkaoK:Kp4qpoAVjB+lLG+alpquoz3xQ36

Score

8^/10

execution

Malware Config

Targets

- Target
  
  4C2026EA0ABF.exe
- Size
  
  3.2MB
- MD5
  
  64194a3d83301fa3a7560561e7496c16
- SHA1
  
  a598a982ee186d4308b9255c3f6c74a41190d52b
- SHA256
  
  07fffac0e7f3c741104397eac2f7ca2f93214e37b062a027698812b0cdb94394
- SHA512
  
  3c849fa88265b3b7db4f6d260d1bd1523441160cb770ec400b9ca1fdf95473f5347338d141a461fcec375923c70997e20e2c498b8c6fb7d36c8300bd3fbc40b2
- SSDEEP
  
  49152:HuVp4qNT3qn+hVjHiDsf+lQSxlE8/ff1WZhrphnEj63Qfvmcz3hU7YPIeYrmkaoK:Kp4qpoAVjB+lLG+alpquoz3xQ36
Score

8^/10

execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1