General
  Target: 3.exe
  Size: 1.5MB
  Sample: 241015-ts28kayckj
  MD5: eb2687ee1d80d507b550f9c02523db06
  SHA1: 5b80a6c46dd5cd85001486ea4d09ebf8c674f802
  SHA256: b39e4ddf7c57a6c85196e27ddf255811bd3bb3a73363227e455059008468d4b8
  SHA512: 1b96045d8537e989e94a66fa578a3ff42b36aa3643d34b2f791ed3b0f4e5849faac2856640eab3fdb38746b827a9450f583a3e311781516564ba615a293668d5
  SSDEEP: 24576:cioa9QayPNalHGq8e27bb0hfgmvYXbNqaDQeXX/X3qwiRfDdzijgnLpv:cippYNQHGq87b7mv4Es/3qwiVDdz/h
Static task
  static1
Behavioral task
  behavioral1
    Sample: 3.exe
    Resource: win7-20240903-en
Behavioral task
  behavioral2
    Sample: 3.exe
    Resource: win10v2004-20241007-en
Malware Config
Targets
  Target: 3.exe
  Size: 1.5MB (hashes as listed under General above)
- Modifies RDP port number used by Windows
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Credentials from Password Stores: Windows Credential Manager
  Suspicious access to Credentials History.
- Executes dropped EXE
- Adds Run key to start application
- Checks registry for disk virtualization
  Detecting virtualization disks is often done to detect sandboxing environments.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Modifies WinLogon
- Remote Services: SMB/Windows Admin Shares
  Adversaries may use Valid Accounts to interact with a remote network share using Server Message Block (SMB).
MITRE ATT&CK Enterprise v15 (number of matched signatures in parentheses)
  Persistence
    Boot or Logon Autostart Execution (2)
      Registry Run Keys / Startup Folder (1)
      Winlogon Helper DLL (1)
  Privilege Escalation
    Boot or Logon Autostart Execution (2)
      Registry Run Keys / Startup Folder (1)
      Winlogon Helper DLL (1)
  Credential Access
    Credentials from Password Stores (2)
      Credentials from Web Browsers (1)
      Windows Credential Manager (1)
    Unsecured Credentials (1)
      Credentials In Files (1)
  Discovery
    Browser Information Discovery (1)
    Peripheral Device Discovery (3)
    Query Registry (5)
    System Information Discovery (4)
    System Location Discovery (1)
      System Language Discovery (1)