61c56c08353cf2eeb3d498b61708937f4d17fd4f0eee30138ed3c54a9978c3a2 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

attachment-14

windows11-21h2-x64

8

Resubmissions

08-11-2024 15:13

241108-slqqhsvcjl 4

08-11-2024 15:11

241108-skk4msvbqq 4

08-11-2024 14:30

241108-rvgzassrev 8

08-11-2024 14:22

241108-rp3c2stelg 10

Sharing

General

Target

AppOnFly Windows VPS & Cloud Gaming.mhtml
Size

428KB
Sample

241108-rvgzassrev
MD5

fe263d9bd308bc908394eca99554fb0d
SHA1

e7870bea23376f8db3eef956973ad9ba64050b73
SHA256

61c56c08353cf2eeb3d498b61708937f4d17fd4f0eee30138ed3c54a9978c3a2
SHA512

0bcf16d0175fdf12fa468c5a905d78ad888236120ecee0789478e24f7242fc07cf6055b8a721bbe560f22eea0d0f12b5f1d4c0693f6898ff61553704fffdde7d
SSDEEP

3072:nMI1RVRRdjxBV7TYkzPGOPEvwPXcn/E84mSWaed+5vj:nMUBUkzuOL/cnU

Score

8^/10

defense_evasion discovery persistence phishing

Static task

static1

Behavioral task

behavioral1

Sample

attachment-14

Resource

win11-20241007-en

defense_evasion discovery persistence phishing

windows11-21h2-x64

25 signatures

1800 seconds

Malware Config

Targets

- Target
  
  attachment-14
- Size
  
  11KB
- MD5
  
  88503dd3ad91a98239759da6e060129a
- SHA1
  
  4289a51eafc2fc00b7c86b0e7f6ec197839d8d49
- SHA256
  
  4060edcd30496cd4e74283a138c50fa4eb3ac1afd55acb6dfb26244faf1a85ff
- SHA512
  
  a42ea8cc9da87308cf00224fccd7efd611930a782d057228abc299a9529bf5444fdedaf26a02dd78a6004b3105bea4bf97eab1d990bd25fdeaa5e14c27fc018a
- SSDEEP
  
  192:uXZMpVy+MtCMccdVqXojFkblkn0kqOhohMEYym6tPXVyCe3XotbMvohG2sVyBtlh:QcydoVBFyRoY20yGoXzCyUotBzwyl1
Score

8^/10

defense_evasion discovery persistence phishing
- Downloads MZ/PE file
- A potential corporate email address has been identified in the URL: %./2678@CDFRabcdefghilmnoprstuvwy
  phishing
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistencephishing

© 2018-2024

Terms | Privacy