General
Target: Potato_1.exe.vir
Size: 79.9MB
Sample: 241031-nhrq7axerq
MD5: d2ac273c1e90ac39c362a69dbaf4a560
SHA1: e1c68103117f9325953a604f97aa0dc280ee7b92
SHA256: 1a38288d73f845ae6788a60398ad47ed1cdbaaec58c80cc16a45dcd7dbcb9558
SHA512: e28fdfcf047ed79def12bf28f0e4fb2fba85546b7eb333ab44f0aea74fc270fac341e63bf67cc33b2d6569116aa3d52f7e639f1af8823437de42b9a0815b1577
SSDEEP: 1572864:8sTO6Viu5K9FnRAfhILfOWyTWyTWyTWyTWyTWyTWyTWyTWyTWysZlSfUoFe:8jcifFnRACLfOWkWkWkWkWkWkWkWkWkU
Static task: static1
Behavioral task: behavioral1 (Sample: Potato_1.exe, Resource: win7-20240903-en)
Behavioral task: behavioral2 (Sample: Potato_1.exe, Resource: win10v2004-20241007-en)
Malware Config
Targets
Target: Potato_1.exe.vir
Size: 79.9MB
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Event Triggered Execution (1): Netsh Helper DLL (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Impair Defenses (1): Disable or Modify Tools (1)
- Modify Registry (1)