General

Target: File.rar
Size: 7.8MB
Sample: 241116-2g4k9avgrc
MD5: 7ad698ff87653a5bbaf18a925b18e1f0
SHA1: e44be1ebe5f5d18c9497c50142ad5aca34d4fc21
SHA256: a5b5a16e70ba83f8895db7849ace8a9e8e1a8ea3ce4cc2d2cb3dd6aa187b0aec
SHA512: 3be20dd6004b4e7e0ddc3fc4d285b2add19ed18ba044f87849792c967f734972a84e9a0d3601debd8e8499641dfd575ef8913d095f1d67b8cef8ee0e4287e13f
SSDEEP: 196608:0vAjshv1Kzl0YO61zZZLUNXhlHHiRzC7w9BvR1ccaNhn65t0:JshoxhzfL+LHiRaSBpYh6H0
Static task: static1

Behavioral task: behavioral1
  Sample: File/image.png.lnk
  Resource: win7-20240903-en

Behavioral task: behavioral2
  Sample: File/image.png.lnk
  Resource: win10v2004-20241007-en

Behavioral task: behavioral3
  Sample: File/testing.exe
  Resource: win7-20240903-en

Behavioral task: behavioral4
  Sample: File/testing.exe
  Resource: win10v2004-20241007-en
Malware Config

Targets

Target: File/image.png.lnk
Size: 1024B
MD5: 2cdc3e1cb4c8e19851acbb30409d0dea
SHA1: 438767b56dd441be44746fb93e67d83922c33759
SHA256: a91fc9eee942f457e045194afe71141c0eefd24cf9b13fec88fd7658ff5a6fe6
SHA512: ea76fd145a22e7afa7df3df9f110f02a61bddaad50447486d8cb06475ee501c2eac7263a0c480f7bb155c438a87c9a153b90262cea26c130ce7d15adea035963
Score: 7/10

Signatures:
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.

Target: File/testing.png
Size: 7.9MB
MD5: 468d57a336819e4c6c198a21d61aecb4
SHA1: 2c8675173d3ca7986fdac391a549ce383372d951
SHA256: 7114e10265076cb82da6c0c103e10a6b300a0f960b253b04be74fca6fba79415
SHA512: 584355229b3246f1cb8e86c2e047682713567f3a74108ab24a667606adad46ae086f7452c37d0877d50f8678898c8a4b87e3a8a9e1f3f7868591d818137df0b9
SSDEEP: 196608:sZajcQ3QRVgUZe6c/PEq+j53sCQCkOVKkqHu1S:s4wQARRuPGe3CkO4eS

Signatures:
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
- Enumerates processes with tasklist
MITRE ATT&CK Enterprise v15

Defense Evasion
  Hide Artifacts (1)
    Hidden Files and Directories (1)
  Obfuscated Files or Information (1)
    Command Obfuscation (1)

Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (1)
    Credentials In Files (1)