c7d4c33c935a875fba56bf595060d8292ce5dedb0013cd5992e54e7dffbda843

General

Target

AtlasTools.zip
Size

380KB
Sample

241117-nvw7fayhla
MD5

96aed7199e04727e40439c592406c908
SHA1

2d81d956ffd7d94d12a08f5c228ffe21b8895530
SHA256

c7d4c33c935a875fba56bf595060d8292ce5dedb0013cd5992e54e7dffbda843
SHA512

9adedebbbf31c152d811f1966558511f5159df66553cb1692900451bea9f5ef6b3ebd62840502622757fca94ff28fcf031c478b633ebe3f0e4e2404799965a67
SSDEEP

6144:+Azvy9VyHhCkVEqX6M1IEpPVdQ3pZVVImMRabJz09qw9Smp9CHv8EYPoGWZAFycO:bjy3yBCWEqXT1B7mpbVImOa949XSmfCv

Score

8^/10

Malware Config

Targets

- Target
  
  AtlasTools.zip
- Size
  
  380KB
- MD5
  
  96aed7199e04727e40439c592406c908
- SHA1
  
  2d81d956ffd7d94d12a08f5c228ffe21b8895530
- SHA256
  
  c7d4c33c935a875fba56bf595060d8292ce5dedb0013cd5992e54e7dffbda843
- SHA512
  
  9adedebbbf31c152d811f1966558511f5159df66553cb1692900451bea9f5ef6b3ebd62840502622757fca94ff28fcf031c478b633ebe3f0e4e2404799965a67
- SSDEEP
  
  6144:+Azvy9VyHhCkVEqX6M1IEpPVdQ3pZVVImMRabJz09qw9Smp9CHv8EYPoGWZAFycO:bjy3yBCWEqXT1B7mpbVImOa949XSmfCv
Score

8^/10

microsoft defense_evasion discovery persistence phishing
- Downloads MZ/PE file
- A potential corporate email address has been identified in the URL: [email protected]
  phishing
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Detected potential entity reuse from brand MICROSOFT.
  phishing microsoft
behavioral1
- Target
  
  AtlasCommon.json
- Size
  
  114KB
- MD5
  
  ced107cdfeabc7f179c271f5c7577686
- SHA1
  
  ba52cc537dcb44fd26897dad64963c4cdae78bb0
- SHA256
  
  13cf2aee2bff75f7e39c82ab92f4ac48f40746015e3618206eebf0ffd6da1e69
- SHA512
  
  aa5f6d5118cbafde114d541fcb91663aa4dba6809a06d6c1d79ded7b4cb24a13252da1c35c0a75de473611c18b74f8f7978c4f8572439561f9269013451aa35d
- SSDEEP
  
  1536:s48O/ClVGSD8kM/+luAcdjgq8Rx+q5NQba/vCBFz/8hEqrd3Zv:s48O/X+luAc0vcFz/8hEqrd3Zv
Score

3^/10
behavioral2
- Target
  
  AtlasTools.deps.json
- Size
  
  422B
- MD5
  
  851d882e1f208226b455dc51d3714535
- SHA1
  
  5534735d98be5d140a2e88633ff198c942b16627
- SHA256
  
  2dc1aacf59d2de710c18b1360cca9f94e320f9c17a51627f970b2e5ef86f0e7b
- SHA512
  
  57493458561d2c53ccaf8262588eae1212edfb24d7616da6b0a492d16a4efd2d0805317727f4f30c0e813361538404e8399ff812471f046f3d2d08631d40ec7f
Score

3^/10
behavioral3
- Target
  
  AtlasTools.dll
- Size
  
  331KB
- MD5
  
  31b30a6bd899d62551605a97d2cd5933
- SHA1
  
  6777a087332029696e0b7656ad0e2b6a13fd99dc
- SHA256
  
  8e92e6335b60d89be06db9a0721a8e95ded941185b05bd43cb6f8d358de01f0d
- SHA512
  
  61106d93efd102cd053268b257550c62032cf0d031b05e66dd77a9d7ee4d6920411eac95f2359840a8b699a31cfd4f69cac1bbc86cae3e445974a0a94508f0b5
- SSDEEP
  
  6144:/0yR8iJL6M1+F9Smp9aREsCJ8iJL6M1+F9Smp9lREsB:t6iJLT1ySmfOESiJLT1ySmfDE
Score

1^/10
behavioral4
- Target
  
  AtlasTools.exe
- Size
  
  295KB
- MD5
  
  445de3681a25420096f1fe1550893a9d
- SHA1
  
  3f79e719863588d46763e8bcb072f42e18a9a931
- SHA256
  
  2308698e3126db10b5235d8bcf94ef89bf9886c06186e8d821a8f8ced9fa49f6
- SHA512
  
  380cee86243f492d752c1653e0c005ff15b59585187cb95b2ad7a8142988f5876d8ace383712ac1560c1e422be83cd1b51eb995f6a7a37eb1ae37af29c82aa63
- SSDEEP
  
  6144:fBKjK2LFzZNf/ULQMd8iJL6M1+F9Smp9aREsC:fMjnNfcWiJLT1ySmfOE
Score

1^/10
behavioral5
- Target
  
  AtlasTools.pdb
- Size
  
  21KB
- MD5
  
  88c7bfbcd197774f33670d27c613c1f3
- SHA1
  
  7f0ff58a0742dbf9a13a488bbb27ed75424aa5c3
- SHA256
  
  ccfef0b3233d305223136912f5d1bcc1985e7c5d4b8e5ae694964798a88cd3b1
- SHA512
  
  2387ddb6bf020df82eda252939c0c9dcf25694ddcbaf9f405827040d65dcdc8ba16fc3c92b56ab5738dbcaa039f5810d20f51325eb5f47fff7c3c6dce5d5d7f2
- SSDEEP
  
  384:SyvPZ0bCa35DxYxonIaiaBs4PlFGgSOIPO7/DWEnNt5f/tHJO9WNHFfPwMBUYNdW:fRiBZlQO3/Tn1ntp/dfSPe9v3hK
Score

3^/10
behavioral6