General

  • Target

    Multi MS Teams.exe

  • Size

    4MB

  • Sample

    221003-ptq5gafff6

  • MD5

    0d06f074b3abfe064bedaa0263dd33be

  • SHA1

    643d17c2ecaf1b388ff5691edf922e5e2fcb061f

  • SHA256

    babcb0c8311a89a4c9fc4cebcb7d267fe51cfa5991e2058425a61a316db51f07

  • SHA512

    41b104ca73a197361e62151d1e6305dec9ffda67b56b3c069f3800b32b3bb54d4d56f68c2edda33fd1576a8f624ec2ddb3679eb7c715e6997e1bc4e078eb0ab0

  • SSDEEP

    24576:iPyp4eiMomBl00w9wu3gJL4t7qDL2PfrR9ADpQ3x2v8MgVUt+Wbn0TpqCILgKagm:6yp1ibPrwirmpQ3x2v8MgVknq/lkmwi

Malware Config

Targets

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Detected potential entity reuse from the Microsoft brand.

MITRE ATT&CK Matrix

  • Collection

  • Command and Control

  • Credential Access

  • Defense Evasion

  • Execution

  • Exfiltration

  • Impact

  • Initial Access

  • Lateral Movement

  • Privilege Escalation