Resubmissions

10-11-2024 20:59   241110-zs1ydsvgqh   10

10-11-2024 20:57   241110-zrswdsvjev   8

General

  • Target

    Amnesia.zip

  • Size

    67.8MB

  • Sample

    241110-zrswdsvjev

  • MD5

    2a99e1583751b410b455f6efa1c47c55

  • SHA1

    9bd995f7322c1acc6ba00b1960dfeb68ae17ae71

  • SHA256

    95e91194f77629c85910453738594c8650ba80de108da9a9938088418fd4b554

  • SHA512

    74aa63964424dc4cc046f5a4ac5ec1edc45dbeb81d3b7c9c3fc2849e2ffaba6c3ca33d4fd8272fad55d1cab83ff65b2b24533c573602db2ee89a2016f65ea985

  • SSDEEP

    1572864:mczcGb0mW1Gmp8xxygMkWkq1ev8LfAhq9/0ik:mczFTOGHxFC1evitZ0ik

Malware Config

Targets

    • Target

      python-3.10.11-amd64.exe

    • Size

      27.7MB

    • MD5

      a55e9c1e6421c84a4bd8b4be41492f51

    • SHA1

      bd8b24ec02138327f70f6a3179f6991cfc007a6f

    • SHA256

      d8dede5005564b408ba50317108b765ed9c3c510342a598f9fd42681cbe0648b

    • SHA512

      5cbb831d4513dc4db247732d10fc4e75f5491229d9495378074b086835b938a86f9ded4528ae630bd8bfc35dfd881cad0d449f7705f1fc9b0d914fdc82393e6d

    • SSDEEP

      786432:MnqDB0QNdwI+4JQcZ9eI1ThRYYYAm7FF8KTUnM6HuB:n08+IXJBZ9eIGvhuC

    • Adds Run key to start application

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v15

Tasks