4ead288dd0950c2ef0428ed8df3e27772f523687d8874134c570fc5ccac444ef | Triage

Sharing

General

Target

adata_backup_togo_ver_203.zip
Size

45.1MB
Sample

241120-akp4gswhkm
MD5

9e386f8a36f2afeb15e167e49a36a37f
SHA1

caa1a724767ffa7e90810e92a1e328a3dfc53806
SHA256

4ead288dd0950c2ef0428ed8df3e27772f523687d8874134c570fc5ccac444ef
SHA512

c3bec8b4fd26a9bb3035416fc4dbfb6afea45566f9f437f4fb976158ebf7d6d28f1ab737a1e758b1a5c3690f2a023ced2b728bc106b0d07db8dbda9b629024aa
SSDEEP

786432:SeHd7z8dPwuxMjb8n+sVu/wgAqC+fZATqMkVh0gkgdKtUpe7jnOraNoRiREl2u6w:F5WYuJn+sVu/qpGZnVhRfaNjn9NoRX6w

Score

8^/10

discovery

Malware Config

Targets

- Target
  
  BackupToGo_Install.exe
- Size
  
  54.5MB
- MD5
  
  1cdb04cc84f8b9896d3c251fd81095e6
- SHA1
  
  04b06dbdbb8de4091e88cc36759ab372bc382aee
- SHA256
  
  414ccf335973d41427583f9197e8a2b35b0a2b800ec4a399c6deb6ffd1fe2de5
- SHA512
  
  b8730daa9c7f80ff4ff931bc6f6aa9f57f4b727e05b5da28836a5817e4dd30ec50c8af28d3883a2987887b6b317dcedabb49c347cd7b03a99aa9a5d2e9397259
- SSDEEP
  
  1572864:pF81cqiPWZO5FDNJ7Xmbt5zjv/RIG323:pF8iFPl53J7czj5T0
Score

8^/10

discovery
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2