a21839b1f4ec7d9fa765bedf282699bdd84ed354eebfc6317bd09674b01894fb | Triage

Resubmissions

06-12-2024 05:50

241206-gjl4rssra1 9

06-12-2024 05:30

241206-f7e5payken 10

06-12-2024 05:14

241206-fw57qssjaz 8

06-12-2024 05:10

241206-ft7b1s1rcx 8

06-12-2024 04:51

241206-fg8djsxjek 10

06-12-2024 04:32

241206-e5x22szqet 9

06-12-2024 04:28

241206-e3mhjazpb1 10

Sharing

General

Target

Cracka.rar
Size

18.1MB
Sample

241206-ft7b1s1rcx
MD5

681be9b88898fa0cdb6f9a8f41b248ec
SHA1

ce3153537fc5bbe19524d475922b1423fdacd109
SHA256

a21839b1f4ec7d9fa765bedf282699bdd84ed354eebfc6317bd09674b01894fb
SHA512

7c8f4fa515cd839b25694fb5f0593b2fbd905100626718b7a4e32958a9a85f6c48ebf7235108d65c57e379bfd5760b1ca976cf0048e079a366118166ec79574b
SSDEEP

393216:V6/rhud0xQt8EJzrF3+Evma7sJ170jVMTZE3fzYXwKpuGqQM0j:V6NudcQxxOEvq8VMcYgKpVL

Score

8^/10

defense_evasion discovery persistence

Malware Config

Targets

- Target
  
  Cracka.rar
- Size
  
  18.1MB
- MD5
  
  681be9b88898fa0cdb6f9a8f41b248ec
- SHA1
  
  ce3153537fc5bbe19524d475922b1423fdacd109
- SHA256
  
  a21839b1f4ec7d9fa765bedf282699bdd84ed354eebfc6317bd09674b01894fb
- SHA512
  
  7c8f4fa515cd839b25694fb5f0593b2fbd905100626718b7a4e32958a9a85f6c48ebf7235108d65c57e379bfd5760b1ca976cf0048e079a366118166ec79574b
- SSDEEP
  
  393216:V6/rhud0xQt8EJzrF3+Evma7sJ170jVMTZE3fzYXwKpuGqQM0j:V6NudcQxxOEvq8VMcYgKpVL
Score

8^/10

defense_evasion discovery persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistence