General
-
Target
V1.5.6.+.V1.5.8.zip
-
Size
3.3MB
-
Sample
240904-cqrwdavdka
-
MD5
376d8646fccd79826d049751bc72ec81
-
SHA1
63b00bc8e21d97d3be49495a0511b7d38645b6b2
-
SHA256
54b51bf19ffce063577597534e1658d25e5756072366cceafec91af5d7382f4a
-
SHA512
b6bfee3294055bf0344430bba9d7ea82c55cb4aa6b84b437ad267a48f48f0f3465f47857a8c8748b42a3385eb783840cbd968395ac860b31a2005986b147cf77
-
SSDEEP
98304:4irm4peYUuEpjoaua/Iu9ugQ4uPlUST1laev2j:4L48iEWCj3uNbld2j
Static task
static1
Behavioral task
behavioral1
Sample
V1.5.6.+.V1.5.8.zip
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
V1.5.6.+.V1.5.8.zip
-
Size
3.3MB
-
MD5
376d8646fccd79826d049751bc72ec81
-
SHA1
63b00bc8e21d97d3be49495a0511b7d38645b6b2
-
SHA256
54b51bf19ffce063577597534e1658d25e5756072366cceafec91af5d7382f4a
-
SHA512
b6bfee3294055bf0344430bba9d7ea82c55cb4aa6b84b437ad267a48f48f0f3465f47857a8c8748b42a3385eb783840cbd968395ac860b31a2005986b147cf77
-
SSDEEP
98304:4irm4peYUuEpjoaua/Iu9ugQ4uPlUST1laev2j:4L48iEWCj3uNbld2j
-
Modifies RDP port number used by Windows
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Remote Services: SMB/Windows Admin Shares
Adversaries may use Valid Accounts to interact with a remote network share using Server Message Block (SMB).
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Discovery
Query Registry
7System Information Discovery
8Peripheral Device Discovery
2System Location Discovery
1System Language Discovery
1