df70f699036a080b6e48795b3e940377b4abf8e3869c30c5c102c1dffcef4045 | Triage

Submit
Reports

Overview

overview

Static

static

aiosetup-main.zip

windows10-ltsc 2021-x64

Resubmissions

17-11-2024 21:02

241117-zvfegaxpdv 10

17-11-2024 20:51

241117-znh7saspgr 10

17-11-2024 20:36

241117-zdt7assngr 10

Sharing

General

Target

aiosetup-main.zip
Size

46.3MB
Sample

241117-znh7saspgr
MD5

18ee73828f04ecdcc8d686ef26cbf99a
SHA1

3c11e0ba5ee79860ece1743b452bd804d3692379
SHA256

df70f699036a080b6e48795b3e940377b4abf8e3869c30c5c102c1dffcef4045
SHA512

b804e65d85ef00ff0b39dd07f453eec88907c45f1ed0bcf62698548b3f79cde3cb113d7e66ec0d33476880ba68568cbf975a10e74509d9fd3ed238211ca0a70a
SSDEEP

786432:OmnYTFjhvhzajCtC7j3ZSUWIcqkUJpRvxu3kPR7XWudllYPMMvrf29jTrCy10X0M:LyFjhvhzaOtC7jwbGTJpRvxu0PBX5qyK

Score

10^/10

microsoft defense_evasion discovery evasion execution phishing trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

aiosetup-main.zip

Resource

win10ltsc2021-20241023-en

microsoft defense_evasion discovery evasion execution phishing trojan

windows10-ltsc 2021-x64

37 signatures

1800 seconds

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://github.com/Gelaxiz/aiosetup/releases/download/app/AioSetup.bat

Targets

- Target
  
  aiosetup-main.zip
- Size
  
  46.3MB
- MD5
  
  18ee73828f04ecdcc8d686ef26cbf99a
- SHA1
  
  3c11e0ba5ee79860ece1743b452bd804d3692379
- SHA256
  
  df70f699036a080b6e48795b3e940377b4abf8e3869c30c5c102c1dffcef4045
- SHA512
  
  b804e65d85ef00ff0b39dd07f453eec88907c45f1ed0bcf62698548b3f79cde3cb113d7e66ec0d33476880ba68568cbf975a10e74509d9fd3ed238211ca0a70a
- SSDEEP
  
  786432:OmnYTFjhvhzajCtC7j3ZSUWIcqkUJpRvxu3kPR7XWudllYPMMvrf29jTrCy10X0M:LyFjhvhzaOtC7jwbGTJpRvxu0PBX5qyK
Score

10^/10

microsoft defense_evasion discovery evasion execution phishing trojan
- UAC bypass
  evasion trojan
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Legitimate hosting services abused for malware hosting/C2
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Detected potential entity reuse from brand MICROSOFT.
  phishing microsoft
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Obfuscated Files or Information

Command Obfuscation

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

Software Discovery

Security Software Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

microsoftdefense_evasiondiscoveryevasionexecutionphishingtrojan

© 2018-2025

Terms | Privacy