c34465de704b2ad9d06169d9751d572e4a727dc4b2d8e73042286977d4ddf841 | Triage

Sharing

General

Target

Virus.Hijack.ATA_virussign.com_ee8c4f7c129b0fc663a0be967f5c4772.exe
Size

128KB
Sample

240907-prcjasvepk
MD5

ee8c4f7c129b0fc663a0be967f5c4772
SHA1

12072f4f4ad2766dc9ba91d60d104b9b58549d34
SHA256

c34465de704b2ad9d06169d9751d572e4a727dc4b2d8e73042286977d4ddf841
SHA512

b0bde087f8efd71ad0d1b5dc89c473936f88041faa521a7728c7310b7e0ff01a9c32c905ff2eef82f948ca67c72f7d7d7e66e77dcb9a261acbf7d1aa360764bd
SSDEEP

3072:t13o8wRoOdX/NImKTftr1AerDtsr3vhqhEN4MAH+mbp:tm8wRTI7tr1AelhEN4Mujp

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  Virus.Hijack.ATA_virussign.com_ee8c4f7c129b0fc663a0be967f5c4772.exe
- Size
  
  128KB
- MD5
  
  ee8c4f7c129b0fc663a0be967f5c4772
- SHA1
  
  12072f4f4ad2766dc9ba91d60d104b9b58549d34
- SHA256
  
  c34465de704b2ad9d06169d9751d572e4a727dc4b2d8e73042286977d4ddf841
- SHA512
  
  b0bde087f8efd71ad0d1b5dc89c473936f88041faa521a7728c7310b7e0ff01a9c32c905ff2eef82f948ca67c72f7d7d7e66e77dcb9a261acbf7d1aa360764bd
- SSDEEP
  
  3072:t13o8wRoOdX/NImKTftr1AerDtsr3vhqhEN4MAH+mbp:tm8wRTI7tr1AelhEN4Mujp
Score

10^/10

discovery persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence