cdb470eb5874c9cd4ac61c4c57229688fdc08e60ffdef7cf6f74f2e975e20022 | Triage

Sharing

General

Target

tailscale-setup-1.74.0.exe
Size

736KB
Sample

240921-ycfrvazcmn
MD5

a66d90f229769b4749c495321b54c84e
SHA1

bd430e437f9f570313d9e8ad5c72b6911f049d1d
SHA256

cdb470eb5874c9cd4ac61c4c57229688fdc08e60ffdef7cf6f74f2e975e20022
SHA512

353e23e0c5de2dc2bbde157519d2ac1d5c831c8df2e0272bbb38896d50351a8c2f7aaaad5de555c34368dbd50628a84c9cffc3c60bfa3a9fad5c4ac72f9f665a
SSDEEP

12288:13mgqnIZuYfCYqFet4CovkM70YVGnEh02NVR3lA:13WnIZuMCxezot7jV600orW

Score

6^/10

discovery persistence

Malware Config

Targets

- Target
  
  tailscale-setup-1.74.0.exe
- Size
  
  736KB
- MD5
  
  a66d90f229769b4749c495321b54c84e
- SHA1
  
  bd430e437f9f570313d9e8ad5c72b6911f049d1d
- SHA256
  
  cdb470eb5874c9cd4ac61c4c57229688fdc08e60ffdef7cf6f74f2e975e20022
- SHA512
  
  353e23e0c5de2dc2bbde157519d2ac1d5c831c8df2e0272bbb38896d50351a8c2f7aaaad5de555c34368dbd50628a84c9cffc3c60bfa3a9fad5c4ac72f9f665a
- SSDEEP
  
  12288:13mgqnIZuYfCYqFet4CovkM70YVGnEh02NVR3lA:13WnIZuMCxezot7jV600orW
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2