1e0b7074bb8a8c238140b40bd295123308973853ba762f1899e1d31463240888 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

planetvpn.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

planetvpn.exe
Size

53.8MB
Sample

240928-wmf49ayell
MD5

6a65de49aa23b584a2b871ae79baa948
SHA1

3586eee59ecaaedeb7ca559420947403388892f3
SHA256

1e0b7074bb8a8c238140b40bd295123308973853ba762f1899e1d31463240888
SHA512

e367ecbdaae81790748e63d3a73a425a8e32e530d0b0e705f5cac5c66596472364f14dec4fa442ea7efda7ec8fafdc959eb4aac278c750ac614220b340181587
SSDEEP

1572864:8VREexnoDuZjBGPHszDa+dC9+hsT34atCOYZVEE:gR/xnoDDHs2+aTvt+ZVEE

Score

8^/10

discovery persistence

Static task

static1

Behavioral task

behavioral1

Sample

planetvpn.exe

Resource

win10v2004-20240802-en

discovery persistence

windows10-2004-x64

27 signatures

150 seconds

Malware Config

Targets

- Target
  
  planetvpn.exe
- Size
  
  53.8MB
- MD5
  
  6a65de49aa23b584a2b871ae79baa948
- SHA1
  
  3586eee59ecaaedeb7ca559420947403388892f3
- SHA256
  
  1e0b7074bb8a8c238140b40bd295123308973853ba762f1899e1d31463240888
- SHA512
  
  e367ecbdaae81790748e63d3a73a425a8e32e530d0b0e705f5cac5c66596472364f14dec4fa442ea7efda7ec8fafdc959eb4aac278c750ac614220b340181587
- SSDEEP
  
  1572864:8VREexnoDuZjBGPHszDa+dC9+hsT34atCOYZVEE:gR/xnoDDHs2+aTvt+ZVEE
Score

8^/10

discovery persistence
- Drops file in Drivers directory
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
- Adds Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

SIP and Trust Provider Hijacking

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

© 2018-2025

Terms | Privacy