Overview

overview

8

Static

static

1

KnoaAgent-...-2.msi

windows10-2004-x64

8

KnoaAgent-...-2.msi

windows11-21h2-x64

8

Resubmissions

08/05/2025, 06:37

250508-hdr89s1nv5 8

08/05/2025, 05:12

250508-fvwxns1kw2 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    KnoaAgent-tasnee1-Desktop-2.msi

  • Size

    2.9MB

  • Sample

    250508-hdr89s1nv5

  • MD5

    9fb48f2849a31de88c9a46559ca08117

  • SHA1

    b3b4db4886d379e4daa2aba8a1f09c4b0070d4fd

  • SHA256

    df6d409161487bb7fe79a9eb406fe3a8b6f01907bee9f5335ab3ce802597dcc4

  • SHA512

    2f29c00b014b8dada6a0a3ece97c898b40b3c646e15ea809642c72978598249a0c74577acb0448c8f0fd85bbaa17102b7b89defc1cfb76b6faade00e5d588b1d

  • SSDEEP

    49152:e6BNv9ua2PJzJO4NrdRifj0HNCSWCBwW10f7RgAkvd+OLEcH8lhpo8QVff5dLTtn:gP9Q4NkwtQCBwq0flgBvdvETeRVH3vtm

Score
8/10
defense_evasiondiscoverypersistenceprivilege_escalationtrojan

Malware Config

Targets

    • Target

      KnoaAgent-tasnee1-Desktop-2.msi

    • Size

      2.9MB

    • MD5

      9fb48f2849a31de88c9a46559ca08117

    • SHA1

      b3b4db4886d379e4daa2aba8a1f09c4b0070d4fd

    • SHA256

      df6d409161487bb7fe79a9eb406fe3a8b6f01907bee9f5335ab3ce802597dcc4

    • SHA512

      2f29c00b014b8dada6a0a3ece97c898b40b3c646e15ea809642c72978598249a0c74577acb0448c8f0fd85bbaa17102b7b89defc1cfb76b6faade00e5d588b1d

    • SSDEEP

      49152:e6BNv9ua2PJzJO4NrdRifj0HNCSWCBwW10f7RgAkvd+OLEcH8lhpo8QVff5dLTtn:gP9Q4NkwtQCBwq0flgBvdvETeRVH3vtm

    Score
    8/10
    defense_evasiondiscoverypersistenceprivilege_escalationtrojan

    • Adds policy Run key to start application

      persistence

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      defense_evasion

    • Modifies file permissions

      discovery

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Event Triggered Execution

1
T1546

Installer Packages

1
T1546.016

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Event Triggered Execution

1
T1546

Installer Packages

1
T1546.016

Defense Evasion

File and Directory Permissions Modification

1
T1222

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Modify Registry

2
T1112

System Binary Proxy Execution

1
T1218

Msiexec

1
T1218.007

Credential Access

Discovery

Peripheral Device Discovery

2
T1120

Query Registry

2
T1012

System Information Discovery

4
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

OSZAR »