General

  • Target

    2e45c3146bebd87ccef96e054374ea11.exe

  • Size

    645KB

  • Sample

    211103-kjelgadde7

  • MD5

    2e45c3146bebd87ccef96e054374ea11

  • SHA1

    f2be6622242c311beb54f984c2fd85b865c2431c

  • SHA256

    df6fa5b55c8196df0a53575cd26f5a7e53146899d41ab1a1a3acdb320f185d1f

  • SHA512

    4277153eaea844fdcd1ab7920d290f7a877a2a46e6d71b5b962f445395e7c0299e859409fb52e96920bc31ab6d7ed2be81e69021c0145585984dc57c76469b51
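Before working from this report, confirm that the file on disk is the sample it describes. The check below is an added example, not part of the sandbox report; it copies the four digests from the General section above and compares them against whatever file the analyst passes in (the path is an assumption).

```python
"""Confirm that a file on disk is the sample this report describes.

Added example, not part of the sandbox report. The expected digests are
copied from the report's General section; the file path handed to
digest_file() is whatever the analyst has on disk (assumption).
"""
import hashlib

# Digests copied from the report (lowercase hex).
EXPECTED = {
    "md5": "2e45c3146bebd87ccef96e054374ea11",
    "sha1": "f2be6622242c311beb54f984c2fd85b865c2431c",
    "sha256": "df6fa5b55c8196df0a53575cd26f5a7e53146899d41ab1a1a3acdb320f185d1f",
    "sha512": "4277153eaea844fdcd1ab7920d290f7a877a2a46e6d71b5b962f445395e7c0299e859409fb52e96920bc31ab6d7ed2be81e69021c0145585984dc57c76469b51",
}


def digest_bytes(data: bytes) -> dict:
    """Hex digests of an in-memory buffer for every algorithm in EXPECTED."""
    return {name: hashlib.new(name, data).hexdigest() for name in EXPECTED}


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Hex digests of a file, read in chunks so a large sample is not held in RAM."""
    hashers = {name: hashlib.new(name) for name in EXPECTED}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(block)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def mismatches(actual: dict, expected: dict = EXPECTED) -> list:
    """Names of algorithms whose digest differs from, or is missing in, `actual`.

    The comparison ignores hex case because reports and tools disagree on it.
    """
    return sorted(
        name for name, value in expected.items()
        if (actual.get(name) or "").lower() != value.lower()
    )


def is_reported_sample(path: str) -> bool:
    """True only when all four digests match the report."""
    return not mismatches(digest_file(path))


if __name__ == "__main__":
    import sys
    for sample in sys.argv[1:]:
        bad = mismatches(digest_file(sample))
        print(f"{sample}: {'MATCH' if not bad else 'MISMATCH on ' + ', '.join(bad)}")
```

All four algorithms are checked rather than just MD5: a single-algorithm match is enough to identify the file, but comparing every value the report lists catches a transcription error in the report or in your notes before you spend time analysing the wrong binary.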

Malware Config

Targets

    • Target

      2e45c3146bebd87ccef96e054374ea11.exe

    • Size

      645KB

    • MD5

      2e45c3146bebd87ccef96e054374ea11

    • SHA1

      f2be6622242c311beb54f984c2fd85b865c2431c

    • SHA256

      df6fa5b55c8196df0a53575cd26f5a7e53146899d41ab1a1a3acdb320f185d1f

    • SHA512

      4277153eaea844fdcd1ab7920d290f7a877a2a46e6d71b5b962f445395e7c0299e859409fb52e96920bc31ab6d7ed2be81e69021c0145585984dc57c76469b51

    • Contains code to disable Windows Defender

      A .NET executable that disables Windows Defender protections such as real-time monitoring and Block at First Sight.

    • LimeRAT

      Simple yet powerful RAT for Windows machines written in .NET.

    • Modifies WinLogon for persistence

    • ParallaxRat

      ParallaxRat is a multipurpose RAT written in MASM.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2
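Three of the signatures above are directly observable on a host: the Defender tampering, the Winlogon modification, and the file dropped into the Drivers directory. The script below is an added example, not taken from the sandbox or from either RAT family: it encodes each of those behaviours as a check over a registry snapshot (a dict of key -> {value name: data}) and a list of file events, so it runs offline. The default Winlogon values and Defender value names are what a stock Windows 10/11 install carries (an assumption to verify against your own gold image), and the SAMPLE_* data is constructed for illustration.

```python
"""Triage checks for three behaviours the report flags on this sample:
tampering with Windows Defender, modifying Winlogon, and dropping a file
into the Drivers directory.

Added example, not part of the sandbox report. Input is a plain dict of
registry keys -> {value name: data} plus a list of file events, so it can
run offline; the SAMPLE_* data below is constructed for illustration and
is not taken from the sample.
"""
import ntpath

WINLOGON_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
# Default values of a stock Windows install (assumption: Windows 10/11 x64;
# verify against a known-good image of your own build).
WINLOGON_DEFAULTS = {
    "Shell": "explorer.exe",
    "Userinit": r"C:\Windows\system32\userinit.exe,",
}

# Real-Time Protection values that switch a protection off when set to 1.
# The Policies key is the one "disable Defender" tooling usually writes.
DEFENDER_KEYS = (
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",
    r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection",
)
DEFENDER_DISABLE_VALUES = {
    "DisableRealtimeMonitoring",
    "DisableBlockAtFirstSeen",
    "DisableBehaviorMonitoring",
    "DisableIOAVProtection",
    "DisableOnAccessProtection",
}

DRIVERS_DIR = r"C:\Windows\System32\drivers"


def check_winlogon(registry: dict) -> list:
    """Flag Shell/Userinit values that differ from the stock defaults."""
    values = registry.get(WINLOGON_KEY, {})
    findings = []
    for name, default in WINLOGON_DEFAULTS.items():
        actual = values.get(name)
        if actual is not None and actual.strip().lower() != default.lower():
            findings.append(f"Winlogon {name} modified: {actual!r}")
    return findings


def check_defender(registry: dict) -> list:
    """Flag Real-Time Protection switches that have been set to 1 (disabled)."""
    findings = []
    for key in DEFENDER_KEYS:
        for name, data in registry.get(key, {}).items():
            if name in DEFENDER_DISABLE_VALUES and data == 1:
                findings.append(f"Defender {name}=1 under {key}")
    return findings


def check_drivers_drop(file_events: list) -> list:
    """Flag files created or written anywhere under System32\\drivers.

    Matching is case-insensitive and covers subdirectories such as
    drivers\\etc, so a hosts-file rewrite is caught as well.
    """
    prefix = ntpath.normcase(DRIVERS_DIR) + "\\"
    findings = []
    for event in file_events:
        if event.get("op") not in ("create", "write"):
            continue
        if ntpath.normcase(event["path"]).startswith(prefix):
            findings.append(f"{event['op']} under Drivers directory: {event['path']}")
    return findings


def triage(registry: dict, file_events: list) -> list:
    """Run all three checks and return the combined findings."""
    return check_defender(registry) + check_winlogon(registry) + check_drivers_drop(file_events)


# Constructed data describing one infected-looking host. Paths and names are made up.
SAMPLE_REGISTRY = {
    WINLOGON_KEY: {
        "Shell": "explorer.exe",
        "Userinit": r"C:\Windows\system32\userinit.exe,C:\Users\Public\update.exe",
    },
    DEFENDER_KEYS[0]: {"DisableRealtimeMonitoring": 1, "DisableBlockAtFirstSeen": 1},
    DEFENDER_KEYS[1]: {"DisableRealtimeMonitoring": 0},
}
SAMPLE_FILE_EVENTS = [
    {"op": "create", "path": r"C:\Windows\System32\drivers\winmon.sys"},
    {"op": "write", "path": r"C:\Windows\System32\DRIVERS\etc\hosts"},
    {"op": "read", "path": r"C:\Windows\System32\drivers\ntfs.sys"},
    {"op": "create", "path": r"C:\Users\Public\drivers\loader.exe"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_REGISTRY, SAMPLE_FILE_EVENTS):
        print(finding)
```

Two caveats when using this on a real host. Values under the Policies key can also be set legitimately by Group Policy, so a Defender finding needs the policy source checked before it is called tampering. And the Winlogon check compares against one default; an image that legitimately customises Shell or Userinit (kiosk builds, some VDI products) needs its own baseline substituted for WINLOGON_DEFAULTS.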

MITRE ATT&CK Enterprise v6

Tasks