General

  • Target

    465b187a795c015825c5a0a1791d1587a90079759b0f418ff5ea6afc44dd68d0

  • Size

    2.0MB

  • Sample

    220510-fgr2kahgbl

  • MD5

    79dbc1a54d33366681f1e926d565cad4

  • SHA1

    907cf0ec6784bf140f9759d6931d3697da0fc229

  • SHA256

    465b187a795c015825c5a0a1791d1587a90079759b0f418ff5ea6afc44dd68d0

  • SHA512

    6d66ae7edc6028e8bc1eac9caf85f5d2d38a6c000e5fa907c9eec5786b225aeeb7c0b565bee9aa7b09f6f792d0857e3d06f0e3ed832d73047506a18ce15371dd

Malware Config

Targets

    • Target

      465b187a795c015825c5a0a1791d1587a90079759b0f418ff5ea6afc44dd68d0

    • Size

      2.0MB

    • MD5

      79dbc1a54d33366681f1e926d565cad4

    • SHA1

      907cf0ec6784bf140f9759d6931d3697da0fc229

    • SHA256

      465b187a795c015825c5a0a1791d1587a90079759b0f418ff5ea6afc44dd68d0

    • SHA512

      6d66ae7edc6028e8bc1eac9caf85f5d2d38a6c000e5fa907c9eec5786b225aeeb7c0b565bee9aa7b09f6f792d0857e3d06f0e3ed832d73047506a18ce15371dd

    • Modifies security service

    • Executes dropped EXE

    • Possible privilege escalation attempt

    • Stops running service(s)

    • Modifies file permissions

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Execution

Scheduled Task

1
T1053

Persistence

Modify Existing Service

2
T1031

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

2
T1112

Impair Defenses

1
T1562

File Permissions Modification

1
T1222

Impact

Service Stop

1
T1489

Tasks