dd4c86cf085ceb60020f03c2fcf1f669452f5bef09c753b03ab0a6b778b87b34 | Triage

Sharing

General

Target

KMS_Suite_v9.8_EN.zip
Size

904KB
Sample

250330-k6whhaxnz7
MD5

f65b1d8a3b23a405bb573cfb4a6cae89
SHA1

9074b377df0439384e28296a34b0569b032b8c44
SHA256

dd4c86cf085ceb60020f03c2fcf1f669452f5bef09c753b03ab0a6b778b87b34
SHA512

fbbea21a4e15a20d38604549335df21141f058e4d957ffb33dc2a595142c24d0e45b4940f1c94888ba68c2ad96855d1c5d0a891fede4618b9eebebd2a5ceb653
SSDEEP

24576:mXSFUrzLla5MV/SvZMsIoJPk4ILmBObnoezk:mWUc5eoVk4ILmAxQ

Score

7^/10

defense_evasion discovery execution privilege_escalation

Malware Config

Targets

- Target
  
  KMS_Suite.v9.8.EN.bat
- Size
  
  1.1MB
- MD5
  
  17f656676e34f8a8252522d1a9e2bf40
- SHA1
  
  b34bc6fbf8a4f8f9e893b8703c14f8f51e90b7d6
- SHA256
  
  bed604d258d3e0ead02bd44c3c5c40feb56e0cee751169ab763887c727087747
- SHA512
  
  1835f1b25f13fb0f8c991e08593a9d60bbaca80c1b03dd62b861d8078d87ea5c0dac0efe79759b2270d76b5aad654ee0d1142ccae604d717163335c5e9da8511
- SSDEEP
  
  24576:5WDaRGrHDQCBdTx/pn6E9gMqfolasayo4QB0zx1:oDaRGbDXL/pnvYfSle4ue7
Score

7^/10

defense_evasion discovery execution privilege_escalation
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Access Token Manipulation

Create Process with Token

Defense Evasion

Access Token Manipulation

Create Process with Token

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryexecutionprivilege_escalation

behavioral2

defense_evasiondiscoveryexecutionprivilege_escalation