General

  • Target

    0e0e16b4d076aa1461d52aadf9aa5cb27d144d0e15f9837657dc3412c258466f

  • Size

    146KB

  • Sample

    221011-xdf9bshgf8

  • MD5

    6d6c2c1583cdebee842c39b88ea22336

  • SHA1

    d334dbe4291490722e52a5e6c0bfebe5f1aa1a14

  • SHA256

    0e0e16b4d076aa1461d52aadf9aa5cb27d144d0e15f9837657dc3412c258466f

  • SHA512

    c841374b9ff1c5d429ed334b80013d0f3e43e345335c6e2f5ba1707a77135d62399fce9207e47f90c3c34f697b9b9b4ac5f450276d41502bf60ee41fddf7f26d

  • SSDEEP

    3072:NaTCJkPSFR4giv5cfFFveu+Yxpw4Ec4OrzRWWj4:8qkKvTs2Iu+YxscdPBU

Malware Config

Targets

    • Executes dropped EXE

    • Modifies Windows Firewall

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks