General

  • Target

    201ddfdbc25335a4a025b747a9d2c92048e096a5c22491adaf34fe5302bdd04b

  • Size

    122KB

  • Sample

    221002-r8kbkschbn

  • MD5

    660cb84aecd8a5a027cb756438aaade0

  • SHA1

    bb48fff5af88d6c12448426599fbe459401d08eb

  • SHA256

    201ddfdbc25335a4a025b747a9d2c92048e096a5c22491adaf34fe5302bdd04b

  • SHA512

    e4d9e117581bfdbf9012caba7f3310dae5098cd6a821c7a0295ba8757e561541544554103bc1fefe10c4f7ebcc505f55d42b121b9bff73af5c8ecf7701c98906

Malware Config

Targets

    • Target

      201ddfdbc25335a4a025b747a9d2c92048e096a5c22491adaf34fe5302bdd04b

    • Size

      122KB

    • MD5

      660cb84aecd8a5a027cb756438aaade0

    • SHA1

      bb48fff5af88d6c12448426599fbe459401d08eb

    • SHA256

      201ddfdbc25335a4a025b747a9d2c92048e096a5c22491adaf34fe5302bdd04b

    • SHA512

      e4d9e117581bfdbf9012caba7f3310dae5098cd6a821c7a0295ba8757e561541544554103bc1fefe10c4f7ebcc505f55d42b121b9bff73af5c8ecf7701c98906

    • Adds Run key to start application

    • Detected potential entity reuse from brand microsoft.

    • Drops file in System32 directory

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Privilege Escalation