General

  • Target: instruction.zip
  • Size: 28KB
  • Sample: 210726-yyn9lglgne
  • MD5: fc0aca90e8f5c049115e9fe4afb9f4e4
  • SHA1: 233b84d45718aab13dac8f44d7b9b46e00a0ecef
  • SHA256: f8d89c5d3d6ec4df52993c56aa50901f2b69760f2485bb7e473ed5d992e1f43a
  • SHA512: 7de3458efabc20ba93096df18e5ae68a29ef3be044c539c392d9c307390b8613f67e6d56c102bd92bd282b7a6397b8b337223d66597b9c074765a3e859954d39

Malware Config

Targets

    • Target: instruction.html .com
    • Size: 28KB
    • MD5: 13c05f728f59b645759ccff2469dd2b2
    • SHA1: a2879876885d68be54bc0d9307a8ea0b4182560b
    • SHA256: 6f064d4987b4202ebe2faaab28f3582dd784f24fa1a13f305051a6d7e85a78ed
    • SHA512: f9b099b8a7a58f21b156fad55d833f6fd182e2129e2b534a985cbb0fd10b55aa46146edd4760bb194005a6c6a26155f290e9a6d98abf580b788a2ac5cd9b56bd

    • Detected google phishing page
    • suricata: ET MALWARE Suspicious Email Attachment Possibly Related to Mydoom.L@mm
    • Executes dropped EXE
    • UPX packed file: Detects executables packed with UPX/modified UPX open source packer.
    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

Persistence

    • Registry Run Keys / Startup Folder: 1 (T1060)

Defense Evasion

    • Modify Registry: 2 (T1112)
    • Install Root Certificate: 1 (T1130)

Tasks