General

  • Target: 3bf70c8247290ae1962330eaabadcb09762378301b45709faf063c2151183157

  • Size: 82KB

  • Sample: 221128-r453gsbd23

  • MD5: ede518e477765a20a6e0aaaee3040c88

  • SHA1: 786f17d5708896423468ac149b1a693ccadd7009

  • SHA256: 3bf70c8247290ae1962330eaabadcb09762378301b45709faf063c2151183157

  • SHA512: 6e2b0f905a8c454899014d938485898664e00546449bee6194aa443176d7585b47db02aa658bccae06ea4ff8f97b84777158b0ff2edee984a22b42beb0705106

  • SSDEEP: 1536:VwJOoN1oYaoZ5iV685XJPCmXrX9W3a36LWYSwrlcu3XeoAgGTnMszVqZQ9lr:VwJ52Y7ZoH5XJambtWqqLWYhqoA9Tn7Z

Malware Config

Targets

    • Modifies visibility of hidden/system files in Explorer

    • UAC bypass

    • Adds policy Run key to start application

    • Blocklisted process makes network request

    • Disables taskbar notifications via registry modification

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

  • Hidden Files and Directories (T1158): 1

  • Registry Run Keys / Startup Folder (T1060): 1

Privilege Escalation

  • Bypass User Account Control (T1088): 1

Defense Evasion

  • Hidden Files and Directories (T1158): 1

  • Modify Registry (T1112): 3

  • Bypass User Account Control (T1088): 1

  • Disabling Security Tools (T1089): 1

Discovery

  • System Information Discovery (T1082): 1

Tasks