0facf1217234f2a9e4a4dd01d80cc37211962e7cbc213d4cb16d4304817bf4ec | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Virus.Hijack.ATA_virussign.com_b6b3db674e58d4281e3f521ca7b793d6.exe
Size

349KB
Sample

240907-pq4w6avdrl
MD5

b6b3db674e58d4281e3f521ca7b793d6
SHA1

b43d96aef6ec2aa5f1d80fd9e033f1d19c7e0bbb
SHA256

0facf1217234f2a9e4a4dd01d80cc37211962e7cbc213d4cb16d4304817bf4ec
SHA512

2cff646eee0abcf5a47e73fcd70533d106ebd1cabb07c70bd9778a0f07a4ec1576b3668872a965e0ccc9b9fd1b721952170544d23049e2dd569de598dcb1ec72
SSDEEP

6144:YJi3P7DPOwXYrMdlpfDFk/pB7gl0cziyqczZd7LFO3A9xoLBZ9oGnFnj+MpZfPyM:YJkOwIKfDy/phgeczlqczZd7LFB3oFHF

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  Virus.Hijack.ATA_virussign.com_b6b3db674e58d4281e3f521ca7b793d6.exe
- Size
  
  349KB
- MD5
  
  b6b3db674e58d4281e3f521ca7b793d6
- SHA1
  
  b43d96aef6ec2aa5f1d80fd9e033f1d19c7e0bbb
- SHA256
  
  0facf1217234f2a9e4a4dd01d80cc37211962e7cbc213d4cb16d4304817bf4ec
- SHA512
  
  2cff646eee0abcf5a47e73fcd70533d106ebd1cabb07c70bd9778a0f07a4ec1576b3668872a965e0ccc9b9fd1b721952170544d23049e2dd569de598dcb1ec72
- SSDEEP
  
  6144:YJi3P7DPOwXYrMdlpfDFk/pB7gl0cziyqczZd7LFO3A9xoLBZ9oGnFnj+MpZfPyM:YJkOwIKfDy/phgeczlqczZd7LFB3oFHF
Score

10^/10

discovery persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence