6d531e627d1474d4fbd1cc669af856f3c04182a9172ad1e73e679d8a206479f5 | Triage

Sharing

General

Target

Setup Software.exe
Size

23.8MB
Sample

241017-syn3fsshmd
MD5

24bd5fb6e20496abbf7497999e4dd6bb
SHA1

04f87a82c651fd9cb9ba43a9cb31c93c137d682c
SHA256

6d531e627d1474d4fbd1cc669af856f3c04182a9172ad1e73e679d8a206479f5
SHA512

eacf0fa7b896615b7440d7a246caba05f16855bfa1ce38d2c1d4133e9171934fe08657fb3842ac23f5e3a2904dfc3405a7f438ff7f8ff18ed28a9917c8337eca
SSDEEP

393216:yFx5mLMvl0z2kFAaZa73fLNFKhM7f/u1E3t3Ghsry/i:ox8YvTkAaQzK27fW1E39x

Score

8^/10

discovery execution

Malware Config

Targets

- Target
  
  Setup Software.exe
- Size
  
  23.8MB
- MD5
  
  24bd5fb6e20496abbf7497999e4dd6bb
- SHA1
  
  04f87a82c651fd9cb9ba43a9cb31c93c137d682c
- SHA256
  
  6d531e627d1474d4fbd1cc669af856f3c04182a9172ad1e73e679d8a206479f5
- SHA512
  
  eacf0fa7b896615b7440d7a246caba05f16855bfa1ce38d2c1d4133e9171934fe08657fb3842ac23f5e3a2904dfc3405a7f438ff7f8ff18ed28a9917c8337eca
- SSDEEP
  
  393216:yFx5mLMvl0z2kFAaZa73fLNFKhM7f/u1E3t3Ghsry/i:ox8YvTkAaQzK27fW1E39x
Score

8^/10

discovery execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution