Overview

overview

10

Static

static

10

Court.Proj....1.rar

windows10-ltsc 2021-x64

9

Resubmissions

25-12-2024 11:40

241225-ns1f3ssmct 10

20-06-2024 01:12

240620-bk1qnavdrk 10

01-06-2024 22:28

240601-2d43lsgh7s 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Court.Project.V1.1.rar

  • Size

    89.8MB

  • Sample

    241225-ns1f3ssmct

  • MD5

    7b8280ea1912fa02187b5efabda0d940

  • SHA1

    1995974dcd2322a4c6f5fe4b9a8a790112bcc8b9

  • SHA256

    aa2bc6bdab3c1cd9cc94e92a00f2501ffd6bef384e69e605b9533ee4a9af2fcc

  • SHA512

    e7ced2e058ac07b91ef079b652ae46fcb5738e1ccfeb33d54891e1ab1938ef3a08ee2339b3204a925e055b70b6b0f7de78f42c745d69ae684c7f1dde104dbba2

  • SSDEEP

    1572864:ve8bKeXy7lNKhbtO9RlEpmv0b7540aRaTw9/6SsPdIUzakaI8Dbt00E+WbEZO:pKeXy7lkhbKRlNv0nXU1idIqeDbxIbE4

Score
10/10
pysilondefense_evasiondiscoveryevasionexecutionpersistencepyinstallerupx

Malware Config

Targets

    • Target

      Court.Project.V1.1.rar

    • Size

      89.8MB

    • MD5

      7b8280ea1912fa02187b5efabda0d940

    • SHA1

      1995974dcd2322a4c6f5fe4b9a8a790112bcc8b9

    • SHA256

      aa2bc6bdab3c1cd9cc94e92a00f2501ffd6bef384e69e605b9533ee4a9af2fcc

    • SHA512

      e7ced2e058ac07b91ef079b652ae46fcb5738e1ccfeb33d54891e1ab1938ef3a08ee2339b3204a925e055b70b6b0f7de78f42c745d69ae684c7f1dde104dbba2

    • SSDEEP

      1572864:ve8bKeXy7lNKhbtO9RlEpmv0b7540aRaTw9/6SsPdIUzakaI8Dbt00E+WbEZO:pKeXy7lkhbKRlNv0nXU1idIqeDbxIbE4

    Score
    9/10
    defense_evasiondiscoveryevasionexecutionpersistenceupx

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Indirect Command Execution

      Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.

      defense_evasion

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

      defense_evasion

    • Enumerates processes with tasklist

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Indirect Command Execution

1
T1202

Modify Registry

1
T1112

Obfuscated Files or Information

1
T1027

Command Obfuscation

1
T1027.010

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Browser Information Discovery

1
T1217

File and Directory Discovery

1
T1083

Peripheral Device Discovery

2
T1120

Process Discovery

1
T1057

Query Registry

5
T1012

System Information Discovery

5
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Virtualization/Sandbox Evasion

1
T1497

Lateral Movement

Collection

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks