General

  • Target

    Lightshot-setup.exe

  • Size

    14.7MB

  • Sample

    230120-thcj6aag51

  • MD5

    cfc6d78fb0745b3e7738a5bf4be2b9cc

  • SHA1

    eba8eddfd8c581f0dfc9e4b581a23bf0dd3f22ce

  • SHA256

    677bf5f29312f25cfe97c764ff07281fe1cb98308dbfe8a20cf6d7fdcb6f12b1

  • SHA512

    e96ce3d452a6b409e548446bc0563118eb1c1f7e6de7ba71fe5fa73f1d98fb7157f3afbfccee7a6ddf5026fbfe59bcaa3398838e73548fd6b500818dce6221ab

  • SSDEEP

    393216:vM/DSImRQn+K9hT3CoiEKWocnlvEtA39:k/DOo9d3zlWQ9
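
Before working with a sample, confirm that the file on disk is the one this report describes. The following Python is added here and is not part of the report or of the Lightshot project; it hashes a file in a single pass with the four algorithms listed above and compares the result to the report's values. SSDEEP is left out because it is not in the standard library (compare it with the `ssdeep` command-line tool instead), and the default filename `Lightshot-setup.exe` is assumed from the Target field.

```python
import hashlib
import sys

# Hashes copied from the report above (hex, lower case).
REPORT_HASHES = {
    "md5": "cfc6d78fb0745b3e7738a5bf4be2b9cc",
    "sha1": "eba8eddfd8c581f0dfc9e4b581a23bf0dd3f22ce",
    "sha256": "677bf5f29312f25cfe97c764ff07281fe1cb98308dbfe8a20cf6d7fdcb6f12b1",
    "sha512": "e96ce3d452a6b409e548446bc0563118eb1c1f7e6de7ba71fe5fa73f1d98fb7157f3afbfccee7a6ddf5026fbfe59bcaa3398838e73548fd6b500818dce6221ab",
}


def digest_bytes(data):
    """Hex digests of an in-memory blob, keyed like REPORT_HASHES."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def digest_file(path, chunk_size=1 << 20):
    """Hash a file once, feeding every chunk to all four digests so a
    multi-megabyte installer is read from disk only one time."""
    hashers = {algo: hashlib.new(algo) for algo in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def compare_hashes(actual, expected=REPORT_HASHES):
    """Per-algorithm match results. The comparison is case-insensitive, and
    an algorithm missing from `actual` counts as a mismatch rather than a pass."""
    return {algo: actual.get(algo, "").lower() == ref.lower()
            for algo, ref in expected.items()}


def matches_report(actual, expected=REPORT_HASHES):
    """True only when every algorithm in `expected` matches."""
    return all(compare_hashes(actual, expected).values())


if __name__ == "__main__":
    # Assumed default filename taken from the Target field above.
    sample = sys.argv[1] if len(sys.argv) > 1 else "Lightshot-setup.exe"
    result = compare_hashes(digest_file(sample))
    for algo, ok in result.items():
        print(f"{algo:7s} {'OK' if ok else 'MISMATCH'}")
    sys.exit(0 if all(result.values()) else 1)
```

A SHA256 match is sufficient to establish that you hold the same bytes the sandbox analysed; the MD5 and SHA1 values are kept because older threat-intel feeds and vendor reports still index by them.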

Malware Config

Targets

    • Target

      Lightshot-setup.exe

    • Size

      14.7MB

    • MD5

      cfc6d78fb0745b3e7738a5bf4be2b9cc

    • SHA1

      eba8eddfd8c581f0dfc9e4b581a23bf0dd3f22ce

    • SHA256

      677bf5f29312f25cfe97c764ff07281fe1cb98308dbfe8a20cf6d7fdcb6f12b1

    • SHA512

      e96ce3d452a6b409e548446bc0563118eb1c1f7e6de7ba71fe5fa73f1d98fb7157f3afbfccee7a6ddf5026fbfe59bcaa3398838e73548fd6b500818dce6221ab

    • SSDEEP

      393216:vM/DSImRQn+K9hT3CoiEKWocnlvEtA39:k/DOo9d3zlWQ9

    • Babadeda

      Babadeda is a crypter packaged inside what appears to be a legitimate application installer (here Lightshot-setup.exe) and used to drop other malware families.

    • Babadeda Crypter

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software and frequently abused by malware as a remote access trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk and drive information is often read from the registry in order to detect sandbox and virtual-machine environments.
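
The four behaviour signatures above are the kind of rules a sandbox evaluates over its recorded process, file and registry activity. The following Python is added here and is not the report's or the sandbox's own signature logic: it reimplements those four rules over a constructed event trace. The event schema, the paths and the two registry locations treated as drive-information indicators (`HKLM\SYSTEM\MountedDevices` and `HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum`) are assumptions; a real sandbox may watch other keys as well.

```python
# Names of the four behaviour signatures from the report above.
SIGNATURES = (
    "Executes dropped EXE",
    "Loads dropped DLL",
    "Adds Run key to start application",
    "Maps connected drives based on registry",
)

# Registry keys assumed (not taken from the report) to be what a
# drive-enumeration signature keys on; all comparisons are case-folded.
AUTOSTART_SUFFIXES = (r"\currentversion\run", r"\currentversion\runonce")
DRIVE_INFO_KEYS = {
    r"hklm\system\mounteddevices",
    r"hklm\system\currentcontrolset\services\disk\enum",
}

# Constructed sandbox trace, not from the report: one dict per event, in
# recording order. pid 100 is the installer, pid 200 the dropped executable.
TRACE = [
    {"seq": 1, "type": "file_write", "pid": 100,
     "path": r"C:\Users\victim\AppData\Local\Temp\is-1234\setup_tmp.exe"},
    {"seq": 2, "type": "file_write", "pid": 100,
     "path": r"C:\Users\victim\AppData\Local\Temp\is-1234\support.dll"},
    # Upper-case on purpose: matching must be case-insensitive on Windows.
    {"seq": 3, "type": "process_create", "pid": 200, "parent_pid": 100,
     "image": r"C:\Users\victim\AppData\Local\Temp\is-1234\SETUP_TMP.EXE"},
    {"seq": 4, "type": "image_load", "pid": 200,
     "module": r"C:\Users\victim\AppData\Local\Temp\is-1234\support.dll"},
    {"seq": 5, "type": "reg_set", "pid": 200,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "Updater", "data": r"C:\Users\victim\AppData\Roaming\svc\updater.exe"},
    {"seq": 6, "type": "reg_read", "pid": 200,
     "key": r"HKLM\SYSTEM\MountedDevices", "value": r"\DosDevices\C:"},
    # Benign noise that must not fire any rule.
    {"seq": 7, "type": "reg_read", "pid": 200,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion", "value": "ProductName"},
    {"seq": 8, "type": "image_load", "pid": 200,
     "module": r"C:\Windows\System32\kernel32.dll"},
]


def _norm(path):
    """Case-fold a Windows path or registry key for comparison."""
    return path.casefold()


def run_signatures(events):
    """Evaluate the four signatures over a trace.

    Returns {signature name: [seq of each matching event]}. Events are
    processed in seq order so that 'dropped' only covers files written
    *before* the execution or load that is being judged."""
    dropped = set()
    hits = {name: [] for name in SIGNATURES}
    for ev in sorted(events, key=lambda e: e["seq"]):
        kind = ev["type"]
        if kind == "file_write":
            dropped.add(_norm(ev["path"]))
        elif kind == "process_create" and _norm(ev["image"]) in dropped:
            hits["Executes dropped EXE"].append(ev["seq"])
        elif kind == "image_load" and _norm(ev["module"]) in dropped:
            hits["Loads dropped DLL"].append(ev["seq"])
        elif kind == "reg_set" and _norm(ev["key"]).endswith(AUTOSTART_SUFFIXES):
            hits["Adds Run key to start application"].append(ev["seq"])
        elif kind == "reg_read" and _norm(ev["key"]) in DRIVE_INFO_KEYS:
            hits["Maps connected drives based on registry"].append(ev["seq"])
    return hits


if __name__ == "__main__":
    for name, seqs in run_signatures(TRACE).items():
        print(f"{name:42s} {'HIT ' + str(seqs) if seqs else 'no match'}")
```

The ordering rule matters: a sandbox that matched process creations against every file ever written during the run, rather than those written before the creation, would flag benign installers that first launch a helper and only later overwrite it.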

MITRE ATT&CK Enterprise v6

Tasks