General

  • Target

    0007d0aa4bffcecfd38e2b972ec269eeaf97e7eb693e3251655d9585ba352248

  • Size

    205KB

  • Sample

    221123-mrhn7seg94

  • MD5

    0ccab37580bc93afc0561c9e2ff7e120

  • SHA1

    7f21f264dc11e5b9d17155483fa869ab9ec619b7

  • SHA256

    0007d0aa4bffcecfd38e2b972ec269eeaf97e7eb693e3251655d9585ba352248

  • SHA512

    774188dd5805d253387178469a7683160a2c566566cdb6774f9ac299107d8b4b2a561d0876c0154c6e547e5ab88f8442c0784afa0cb8dd3be22f8e1935c6acca

  • SSDEEP

    3072:/qhMPssRhlARSOsdwD/98out3SDADeak7dJHB/AKG:/qhMPssRARoiSoS3SsQLH5AK

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Modifies system executable filetype association

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • UAC bypass

    • Disables RegEdit via registry modification

    • Disables use of System Restore points

    • Executes dropped EXE

    • Sets file execution options in registry

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks