General

  • Target

    f818c60f918749765be3364701cd2e8dcdd46a5bc4531b9860cbb019b27fc5d5

  • Size

    279KB

  • Sample

    221204-a9bmdsce66

  • MD5

    92ab15acb2bbdf3e41148be3ed0bbdf8

  • SHA1

    f503b9863b628995c3308124a9f2cdd855de01df

  • SHA256

    f818c60f918749765be3364701cd2e8dcdd46a5bc4531b9860cbb019b27fc5d5

  • SHA512

    498ef5d71fb0d09e979854e27fb7c07c6e625e8225e6608b48ccbba46e733ebb18b7292981e438fdd207b256fcc748a75290035f23a119e2100096a58160b204

  • SSDEEP

    6144:alZ/zUMu4pDSxsCMRzf7x3SfS1JAzXBtL76lJe:aHLUMuiv9RgfSjAzRtyY

Score
10/10

Malware Config

Targets

    Score
    10/10
    • Modifies WinLogon for persistence

      Writes to the Winlogon registry key (typically the Shell or Userinit value) so the payload is launched at every user logon.

    • Modifies visibility of file extensions in Explorer

      Changes Explorer's HideFileExt setting so a file's real extension (for example the .exe in a double extension) is not displayed.

    • Modifies visibility of hidden/system files in Explorer

      Changes Explorer's Hidden/ShowSuperHidden settings so files marked hidden or system stay out of view.

    • Disables RegEdit via registry modification

      Sets the DisableRegistryTools policy value, preventing the user from opening regedit to inspect or undo the changes.

    • Disables Task Manager via registry modification

      Sets the DisableTaskMgr policy value, preventing the user from opening Task Manager to find or end the process.

    • Executes dropped EXE

    • Sets file execution options in registry

      Writes under the Image File Execution Options key, where a Debugger value causes another executable to run in place of the named program.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory
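The behaviour list above is what the sandbox flagged. The following is an added example, not part of this report and not the sandbox's own detection logic, showing how the registry-based signatures in that list (Winlogon persistence, Explorer visibility changes, the RegEdit and Task Manager policy lockouts, Image File Execution Options, Run key) can be reconstructed as a check over registry value-set events, such as Sysmon Event ID 13 records or a sandbox trace exported to text. The key paths are the standard Windows locations each signature refers to; the events, value names and the dropped-file path `C:\ProgramData\dropped.exe` are constructed for the demonstration and are not taken from this sample's trace.

```python
"""Map registry value-set events to the behaviour signatures in the report.

Added example (not the report's or the sandbox's code). SAMPLE_EVENTS is
constructed telemetry shaped like Sysmon Event ID 13 (key, value name, data);
the paths it contains are placeholders, not data from the analysed sample.
"""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class RegEvent:
    key: str   # registry key path as logged (any hive spelling)
    name: str  # value name written
    data: str  # value data rendered as text


def _normalize_key(key: str) -> str:
    """Lower-case the path, drop a trailing backslash and unify hive prefixes."""
    k = key.strip().rstrip("\\").lower()
    for long, short in (("hkey_local_machine", "hklm"), ("hkey_current_user", "hkcu"),
                        ("hkey_users", "hku"), ("\\registry\\machine", "hklm"),
                        ("\\registry\\user", "hku")):
        if k.startswith(long):
            k = short + k[len(long):]
    return k


def _nonzero(data: str) -> bool:
    """Policy values disable a feature when set to a non-zero DWORD."""
    return data.strip().lower() not in ("", "0", "0x0", "0x00000000")


def _any(data: str) -> bool:
    return True


def _not_default_winlogon(data: str) -> bool:
    """Only flag Shell/Userinit writes that differ from the stock values."""
    d = data.strip().lower().rstrip(",")
    return d not in ("explorer.exe", "userinit.exe", "c:\\windows\\system32\\userinit.exe")


# Standard locations behind each signature name; regexes run on the normalized key.
WINLOGON = r"\\microsoft\\windows nt\\currentversion\\winlogon$"
ADVANCED = r"\\microsoft\\windows\\currentversion\\explorer\\advanced$"
POLICIES = r"\\microsoft\\windows\\currentversion\\policies\\system$"
IFEO = r"\\microsoft\\windows nt\\currentversion\\image file execution options\\[^\\]+$"
RUNKEY = r"\\microsoft\\windows\\currentversion\\run(once)?$"

# (report label, key regex, value-name regex, data predicate)
SIGNATURES: List[Tuple[str, str, str, Callable[[str], bool]]] = [
    ("Modifies WinLogon for persistence", WINLOGON, r"shell|userinit", _not_default_winlogon),
    ("Modifies visibility of file extensions in Explorer", ADVANCED, r"hidefileext", _any),
    ("Modifies visibility of hidden/system files in Explorer", ADVANCED, r"hidden|showsuperhidden", _any),
    ("Disables RegEdit via registry modification", POLICIES, r"disableregistrytools", _nonzero),
    ("Disables Task Manager via registry modification", POLICIES, r"disabletaskmgr", _nonzero),
    ("Sets file execution options in registry", IFEO, r"debugger", _any),
    ("Adds Run key to start application", RUNKEY, r".+", _any),
]


def match_signatures(events: List[RegEvent]) -> Dict[str, List[RegEvent]]:
    """Return {signature label: [events that triggered it]} for a list of events."""
    hits: Dict[str, List[RegEvent]] = {}
    for ev in events:
        key = _normalize_key(ev.key)
        name = ev.name.strip().lower()
        for label, key_re, name_re, pred in SIGNATURES:
            if re.search(key_re, key) and re.fullmatch(name_re, name) and pred(ev.data):
                hits.setdefault(label, []).append(ev)
    return hits


# Constructed events: the first Winlogon write is the stock value and must not fire;
# the Themes write is unrelated noise. Paths are placeholders.
SAMPLE_EVENTS = [
    RegEvent(r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell", "explorer.exe"),
    RegEvent(r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell", r"explorer.exe,C:\ProgramData\dropped.exe"),
    RegEvent(r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced", "HideFileExt", "1"),
    RegEvent(r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced", "ShowSuperHidden", "0"),
    RegEvent(r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableRegistryTools", "0x00000001"),
    RegEvent(r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableTaskMgr", "1"),
    RegEvent(r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe", "Debugger", r"C:\ProgramData\dropped.exe"),
    RegEvent(r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "Updater", r"C:\ProgramData\dropped.exe"),
    RegEvent(r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes", "CurrentTheme", r"C:\Windows\resources\Themes\aero.theme"),
]


def triage_sample_events() -> List[str]:
    """Sorted list of signature labels fired by the constructed events."""
    return sorted(match_signatures(SAMPLE_EVENTS))


if __name__ == "__main__":
    for label, evs in match_signatures(SAMPLE_EVENTS).items():
        print(f"[{label}]")
        for ev in evs:
            print(f"    {ev.key} :: {ev.name} = {ev.data}")
```

The Winlogon rule deliberately compares against the stock Shell and Userinit values, since legitimate software and the OS itself rewrite those values with their defaults; the policy rules fire only on a non-zero DWORD, because a write of 0 re-enables the tool rather than disabling it.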

MITRE ATT&CK Enterprise v6

Tasks