General
-
Target
89779f1534f93e98d8b855703aaa3c6afc20fdc2574e8382b1984385b32b3373
-
Size
4.6MB
-
Sample
250119-w6wzta1kaq
-
MD5
4eac8d230f8fd378d47ba715472755e0
-
SHA1
c86d22a263365a5fa3b1742533c82f503215c4ec
-
SHA256
89779f1534f93e98d8b855703aaa3c6afc20fdc2574e8382b1984385b32b3373
-
SHA512
8105e18014f9b625ac7992b3799edd4dc7c52d70da2dd0cdec3fbe1a741b9c25bb82b34a36bf665b97982a166bb3ba117218ab6097274f15a3a422c769197997
-
SSDEEP
98304:bsUeJt/BRx+krhvbEZ8nkDOHyEPkTYdF8MnhowpEUH/Xu2C:F+t/vx+Wv9gOBPkTihowGUHG2C
Static task
static1
Behavioral task
behavioral1
Sample
89779f1534f93e98d8b855703aaa3c6afc20fdc2574e8382b1984385b32b3373.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
89779f1534f93e98d8b855703aaa3c6afc20fdc2574e8382b1984385b32b3373.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
89779f1534f93e98d8b855703aaa3c6afc20fdc2574e8382b1984385b32b3373
-
Size
4.6MB
-
MD5
4eac8d230f8fd378d47ba715472755e0
-
SHA1
c86d22a263365a5fa3b1742533c82f503215c4ec
-
SHA256
89779f1534f93e98d8b855703aaa3c6afc20fdc2574e8382b1984385b32b3373
-
SHA512
8105e18014f9b625ac7992b3799edd4dc7c52d70da2dd0cdec3fbe1a741b9c25bb82b34a36bf665b97982a166bb3ba117218ab6097274f15a3a422c769197997
-
SSDEEP
98304:bsUeJt/BRx+krhvbEZ8nkDOHyEPkTYdF8MnhowpEUH/Xu2C:F+t/vx+Wv9gOBPkTihowGUHG2C
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Active Setup
1Event Triggered Execution
1Component Object Model Hijacking
1Privilege Escalation
Boot or Logon Autostart Execution
1Active Setup
1Event Triggered Execution
1Component Object Model Hijacking
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1