General

  • Target

    d34fbe9ec9a27f20ccfd1ca034c6ab62d4fb958c6400cf3976c332cae10e0da0

  • Size

    493KB

  • Sample

    221123-ltcqasff7x

  • MD5

    aa5baceedd152402651c8c64dd859dce

  • SHA1

    d55766c28cecccb6f0b4c6401cb779d4307c7800

  • SHA256

    d34fbe9ec9a27f20ccfd1ca034c6ab62d4fb958c6400cf3976c332cae10e0da0

  • SHA512

    02c1eaca00900c673ce43e7eac49dedf2127cc5ac80f8d2468b9961653013e052f3bdd768c7fe8d8a1a7344a5a898f51fa21886c1b69450508207340a9fb5eb9

  • SSDEEP

    1536:9NhENNo2oa5pHwAVvu0IysOPv3YdI3EpCK+V5iR/yKoDn66XujshkGXE7rFKh:9gN5ogyJ0XgdsEIKlyKo26Jkj7rF

Malware Config

Targets

    • Target

      d34fbe9ec9a27f20ccfd1ca034c6ab62d4fb958c6400cf3976c332cae10e0da0

    • Size

      493KB

    • MD5

      aa5baceedd152402651c8c64dd859dce

    • SHA1

      d55766c28cecccb6f0b4c6401cb779d4307c7800

    • SHA256

      d34fbe9ec9a27f20ccfd1ca034c6ab62d4fb958c6400cf3976c332cae10e0da0

    • SHA512

      02c1eaca00900c673ce43e7eac49dedf2127cc5ac80f8d2468b9961653013e052f3bdd768c7fe8d8a1a7344a5a898f51fa21886c1b69450508207340a9fb5eb9

    • SSDEEP

      1536:9NhENNo2oa5pHwAVvu0IysOPv3YdI3EpCK+V5iR/yKoDn66XujshkGXE7rFKh:9gN5ogyJ0XgdsEIKlyKo26Jkj7rF

    • Modifies firewall policy service

    • Modifies security service

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Sets file execution options in registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks