General
-
Target
sample
-
Size
271KB
-
Sample
250112-gynwxazna1
-
MD5
4b0e5876ac8c7d00d4df7700d9524920
-
SHA1
595dbd16187d344565bcc264a9c98a2e5f37b185
-
SHA256
4096c294fd311f8e1940bde9eaadd29fc69c63142ef626584644e7bf1cf53795
-
SHA512
512b60eb987ae66be3ee512d866c83eac4ed3dffc0f242bde9dc7ec8138051677a778205e8337d72e56881f67b4bd0ea62bd47888edcc113ce55d73adf8b38c9
-
SSDEEP
3072:HPxGtuHLXaZZEyIfS/lutt475UHyNBIlXzAwtN+25/jD5:HPxGturXaZZBIf1tc5UHgINjD5
Malware Config
Targets
-
-
Target
sample
-
Size
271KB
-
MD5
4b0e5876ac8c7d00d4df7700d9524920
-
SHA1
595dbd16187d344565bcc264a9c98a2e5f37b185
-
SHA256
4096c294fd311f8e1940bde9eaadd29fc69c63142ef626584644e7bf1cf53795
-
SHA512
512b60eb987ae66be3ee512d866c83eac4ed3dffc0f242bde9dc7ec8138051677a778205e8337d72e56881f67b4bd0ea62bd47888edcc113ce55d73adf8b38c9
-
SSDEEP
3072:HPxGtuHLXaZZEyIfS/lutt475UHyNBIlXzAwtN+25/jD5:HPxGturXaZZBIf1tc5UHgINjD5
Score8/10-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Detected potential entity reuse from brand STEAM.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Modify Registry
2Subvert Trust Controls
2Install Root Certificate
1SIP and Trust Provider Hijacking
1