1a21976839b8361a4d5b6f52685bf2fdee93f7b5c3299d2080cf42e58a012ba4

General
Target

1a21976839b8361a4d5b6f52685bf2fdee93f7b5c3299d2080cf42e58a012ba4

Size

942KB

Sample

220520-dtfg7afcd6

Score
10 /10
MD5

a34fb18d9539dff4137d6ca004de2f46

SHA1

073d221a99a5980f18e65b2109dc6cefa8c6361b

SHA256

1a21976839b8361a4d5b6f52685bf2fdee93f7b5c3299d2080cf42e58a012ba4

SHA512

a6cc912a85c7a679c797bc4b9915b273affed166db526eec21dbae18f947b8c889532b859c35cc7d72b186a1b616fb138e1ae53303538486c196b9620bfc74b3

Malware Config
Targets
Target

auto kick + tav/AutoClick.exe

MD5

dec0a88203e4f73a3682c8a8bbc76d14

Filesize

716KB

Score
10/10
SHA1

e6178afe89a702a12f3f604cebde0299e7f68c09

SHA256

2b869c809ac19759798be63e56ff36567e35b641bbde5f5b6c0e17d4137d6965

SHA512

5172b582dc6fd55e9e03eab4755c0fcfc8bd2c29eaa04c612f5ce32a355bbfec73b6ae25b8a8000b99d80c998729d09dc7d627c6d4da38874ce64ac7bb268db3

Tags

Signatures

  • Modifies WinLogon for persistence

    Tags

    TTPs

    Winlogon Helper DLLModify Registry
  • Modifies visiblity of hidden/system files in Explorer

    Tags

    TTPs

    Hidden Files and DirectoriesModify Registry
  • Executes dropped EXE

  • Modifies Installed Components in the registry

    Tags

    TTPs

    Registry Run Keys / Startup FolderModify Registry
  • UPX packed file

    Description

    Detects executables packed with UPX/modified UPX open source packer.

    Tags

  • Checks computer location settings

    Description

    Looks up country code configured in the registry, likely geofence.

    TTPs

    Query RegistrySystem Information Discovery
  • Loads dropped DLL

  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup FolderModify Registry
  • Checks whether UAC is enabled

    Tags

    TTPs

    System Information Discovery
  • Installs/modifies Browser Helper Object

    Description

    BHOs are DLL modules which act as plugins for Internet Explorer.

    Tags

    TTPs

    Modify RegistryBrowser Extensions
  • Drops file in System32 directory

Related Tasks

Target

auto kick + tav/auto tab.exe

MD5

21ffdf539c05ca2c05172763d3334ebc

Filesize

658KB

Score
10/10
SHA1

5bec96d4311fd14b21debf26f4127072169cfa4e

SHA256

f562be835e7367f8a73271b34b5d4d583237ab2933a4ef3703f6fcdca1b849e1

SHA512

73812ddd1d72bb4f4d7adf54ee00589b4b3cac5cff3d5f12657a6eb946165cd8c269074664fc70aeeefb6633f54c1a41c98df5991da580b024ed9e9388063205

Tags

Signatures

  • Modifies WinLogon for persistence

    Tags

    TTPs

    Winlogon Helper DLLModify Registry
  • Modifies visiblity of hidden/system files in Explorer

    Tags

    TTPs

    Hidden Files and DirectoriesModify Registry
  • Executes dropped EXE

  • Modifies Installed Components in the registry

    Tags

    TTPs

    Registry Run Keys / Startup FolderModify Registry
  • UPX packed file

    Description

    Detects executables packed with UPX/modified UPX open source packer.

    Tags

  • Loads dropped DLL

  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup FolderModify Registry

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Privilege Escalation
                    Tasks

                    static1

                    behavioral3

                    10/10

                    behavioral4

                    10/10