General

  • Target

    f0d451e711a37b1bf9c113d7a6c444503f0a956ce5bd8c99dbe02309d7f37c99

  • Size

    42KB

  • Sample

    221129-hnt6lsfa52

  • MD5

    011bb4d76bba0b8b268170c8f1067cda

  • SHA1

    ac96c359c7afbb48e8437806811d6301d134d778

  • SHA256

    f0d451e711a37b1bf9c113d7a6c444503f0a956ce5bd8c99dbe02309d7f37c99

  • SHA512

    227c4ad35b1619246479f3d359fa03137920f3ab9b48afb82a77cda6862d41a4642f4f4c53f91add88c1abe259d4bceddc5731c15372ad1813e134f0615896ee

  • SSDEEP

    768:gyz0/XBwayCUOwV3TNZHdrPeqzEWvpbPwSMX6+w6pqZxLdeVgol9D8888888888i:hzOCay4wV339rPjzbpLwRJ9pSdoI/

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

    • Winlogon Helper DLL (T1004): 1

    • Hidden Files and Directories (T1158): 2

Defense Evasion

    • Modify Registry (T1112): 4

    • Hidden Files and Directories (T1158): 2

Discovery

    • Query Registry (T1012): 4

    • System Information Discovery (T1082): 5

    • Peripheral Device Discovery (T1120): 1

Tasks