General

  • Target

    e59c60c9f7a4f36b980829cb27e6042a6ef6a3af7b0fdb924dd129a930a0847d

  • Size

    13KB

  • Sample

    220427-x933zaedcn

  • MD5

    bddd30f02bacb83d4b96cab1e16b91b0

  • SHA1

    ee108f76d809712f88401e44a58bef0a45cc3961

  • SHA256

    e59c60c9f7a4f36b980829cb27e6042a6ef6a3af7b0fdb924dd129a930a0847d

  • SHA512

    2c1958b4d4072c2bc2db4f221e6a7d8d827f9be896a7744abe823f200769af3cb15d77547579c149a4ca9e9e53f0921284515f767851dc6ccfb8fc6dc016ae04

Malware Config

Targets

    • Target

      e59c60c9f7a4f36b980829cb27e6042a6ef6a3af7b0fdb924dd129a930a0847d

    • Size

      13KB

    • MD5

      bddd30f02bacb83d4b96cab1e16b91b0

    • SHA1

      ee108f76d809712f88401e44a58bef0a45cc3961

    • SHA256

      e59c60c9f7a4f36b980829cb27e6042a6ef6a3af7b0fdb924dd129a930a0847d

    • SHA512

      2c1958b4d4072c2bc2db4f221e6a7d8d827f9be896a7744abe823f200769af3cb15d77547579c149a4ca9e9e53f0921284515f767851dc6ccfb8fc6dc016ae04

    • Drops file in Drivers directory

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Adds Run key to start application

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

1
T1060

Browser Extensions

1
T1176

Defense Evasion

Modify Registry

3
T1112

Tasks