General

  • Target

    7d4c453cba27d76f0667106e672e633d79f8b5534514f9693b9af55db7f87484

  • Size

    484KB

  • Sample

    221124-afmgssec69

  • MD5

    a4cea260c512dde09d9166744e42aba0

  • SHA1

    4f0f80519e424c56db49e6287d92af29812f5791

  • SHA256

    7d4c453cba27d76f0667106e672e633d79f8b5534514f9693b9af55db7f87484

  • SHA512

    75e48912c45b43bd676e89a888add97b2f8cd6b899c9de7268bb052e7288b8157cf6d711562ad4fe59433d52c1f1c46cd2c0f9e7cb427c8f4bc4ef843dd643b4

  • SSDEEP

    12288:e9X1qM8a3ozY5lVuFVCttcO1AcXMP7gzw:EL7o4QFVWtcO6Hgzw

Targets

    • Modifies boot configuration data using bcdedit

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic            Technique                            Signatures   ID
  Persistence       Registry Run Keys / Startup Folder   1            T1060
  Defense Evasion   Modify Registry                      1            T1112
  Impact            Inhibit System Recovery              1            T1490

The IDs are from ATT&CK v6; in current ATT&CK versions T1060 has been folded into T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder), while T1112 and T1490 keep their IDs.