General

  • Target

    Diablo.rar

  • Size

    62.3MB

  • Sample

    230321-cesnjaad3t

  • MD5

    c898805fc52cc4cdcbab708ce689ddb4

  • SHA1

    41781b91df67af1bc9b1eafd688ff3195cca2aa1

  • SHA256

    d7f7749bde88ba1280b2e560778bab0234d40ea1a6f63dce8622fc2cc7271a09

  • SHA512

    7e644b6b3ec7f59c41ca47ace70b233b94174331839bf8e32f8f81cfe79d0c6828681de761d4a8d2f4c510d63b51d26ec534ac8a7e90a81e061078bdc88b0fa7

  • SSDEEP

    1572864:FBHP1Yqkw+B1lkVP+tqeozXwaxGfWCP1hadvKc71Yr9sj:FvtkblEP+tqZzXwkCP14KciBsj
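The hashes above are what tie this report to a specific file. Before applying its verdict to a sample you hold, confirm the bytes match. The script below is an added example for this page, not sandbox code: it reads the file once, feeds every digest in parallel (cheap for a 62 MB archive) and reports which algorithms disagree with the report. The file path and the `abc` test input are assumptions for illustration; the expected values are copied from the General section.

```python
"""Verify a local sample against the hashes published in a sandbox report.

Added example for this report; not Triage's own code. Reads the file once and
updates all digests per chunk so a large archive is not scanned four times.
"""
import hashlib
import hmac
import sys

# Digests copied from the General section of the report above.
REPORT_HASHES = {
    "md5": "c898805fc52cc4cdcbab708ce689ddb4",
    "sha1": "41781b91df67af1bc9b1eafd688ff3195cca2aa1",
    "sha256": "d7f7749bde88ba1280b2e560778bab0234d40ea1a6f63dce8622fc2cc7271a09",
    "sha512": "7e644b6b3ec7f59c41ca47ace70b233b94174331839bf8e32f8f81cfe79d0c68"
              "28681de761d4a8d2f4c510d63b51d26ec534ac8a7e90a81e061078bdc88b0fa7",
}
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_stream(chunks):
    """Feed an iterable of byte chunks to every algorithm in one pass."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data):
    """Convenience wrapper for in-memory data (used by the self-test)."""
    return hash_stream([data])


def hash_file(path, chunk_size=1 << 20):
    """Hash a file on disk in 1 MiB chunks without loading it whole."""
    def chunks():
        with open(path, "rb") as f:
            while True:
                block = f.read(chunk_size)
                if not block:
                    return
                yield block
    return hash_stream(chunks())


def mismatches(actual, expected):
    """Return the sorted names of algorithms whose digests disagree.

    Hex case is ignored (reports and tools differ), and the comparison is
    constant-time so the helper is safe to reuse on untrusted input.
    """
    bad = []
    for name, want in expected.items():
        got = actual.get(name, "")
        if not hmac.compare_digest(got.lower().encode(), want.lower().encode()):
            bad.append(name)
    return sorted(bad)


if __name__ == "__main__":
    # Assumed invocation: python verify_sample.py Diablo.rar
    path = sys.argv[1] if len(sys.argv) > 1 else "Diablo.rar"
    bad = mismatches(hash_file(path), REPORT_HASHES)
    if bad:
        print(f"MISMATCH on {', '.join(bad)}: do not apply this report to {path}")
    else:
        print(f"MATCH: {path} is the sample described by the report")
```

The SSDEEP value is deliberately left out: it is a fuzzy hash meant for similarity scoring, needs the ssdeep tool or its Python binding rather than hashlib, and a close-but-unequal score would not prove identity anyway. Any mismatch in the four cryptographic digests means you have a different file (a re-packed archive, a corrupted download, or a different build) and the behaviour listed below should not be assumed for it.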

Malware Config

Targets

    • Target

      Diablo.rar (the same file whose hashes are listed under General)


    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Registers COM server for autorun

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLLs that Internet Explorer loads into its own process as plugins, which gives the module both a persistence point and a position to observe or alter browsing.

    • Drops file in System32 directory
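Three of the signatures above (Run key autostart, COM server registration and BHO installation) are all registry writes that differ only in where the key sits. The script below is an added example for this page, not the sandbox's own signature code: it classifies registry-write events into those three categories and then correlates a BHO's CLSID with the InprocServer32 value registered for it, so the analyst can see which dropped DLL Internet Explorer would load. The event format, the CLSID and the paths in the sample events are constructed for illustration; the signature names are my labels and only approximate the sandbox's.

```python
"""Classify registry-write events into the persistence signatures listed in
the report and tie a BHO CLSID back to the DLL that implements it.

Added example for this report; not Triage's own detection logic. Event layout
and sample data are constructed.
"""
import re
from collections import defaultdict

# Constructed sandbox-style events (not from the report's task logs). The
# final RegQueryValue is a read and must not count as persistence.
EVENTS = [
    {"op": "RegSetValue", "name": "Diablo",
     "key": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
     "data": r"C:\Users\Admin\AppData\Roaming\Diablo\svc.exe"},
    {"op": "RegSetValue", "name": "",
     "key": r"HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32",
     "data": r"C:\Windows\System32\helper.dll"},
    {"op": "RegCreateKey", "name": "",
     "key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer"
            r"\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}",
     "data": ""},
    {"op": "RegQueryValue", "name": "SecurityHealth",
     "key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "data": ""},
]

WRITE_OPS = {"RegSetValue", "RegSetValueEx", "RegCreateKey"}
HIVE_ALIASES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU",
                "HKEY_CLASSES_ROOT": "HKCR", "HKEY_USERS": "HKU"}
# HKU\<SID> is the current user's hive; HKU\<SID>_Classes is HKCU\Software\Classes.
_SID = re.compile(r"^HKU\\S-1-5-21-[0-9-]+(_CLASSES)?\\", re.I)

CLSID = r"\{[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}\}"
WOW = r"(?:WOW6432NODE\\)?"
SIGNATURES = {
    "run_key_autostart": re.compile(
        r"\\SOFTWARE\\" + WOW + r"MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN(?:ONCE)?$"),
    "bho_install": re.compile(
        r"\\SOFTWARE\\" + WOW + r"MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER"
        r"\\BROWSER HELPER OBJECTS\\(" + CLSID + r")$"),
    # Matches HKCR\CLSID, HKLM\SOFTWARE\Classes\CLSID and HKCU\Software\Classes\CLSID.
    "com_server_registration": re.compile(
        r"\\CLSID\\(" + CLSID + r")\\(?:INPROCSERVER32|LOCALSERVER32)$"),
}


def normalize_key(key):
    """Canonical upper-case key: short hive names, per-user hives folded into HKCU."""
    key = key.strip().rstrip("\\")
    hive, sep, rest = key.partition("\\")
    key = HIVE_ALIASES.get(hive.upper(), hive.upper()) + sep + rest
    key = _SID.sub(lambda m: "HKCU\\Software\\Classes\\" if m.group(1) else "HKCU\\", key)
    return key.upper()


def classify(event):
    """Return the set of signature names an event triggers (empty for reads)."""
    if event["op"] not in WRITE_OPS:
        return set()
    key = normalize_key(event["key"])
    return {name for name, pat in SIGNATURES.items() if pat.search(key)}


def summarize(events):
    """Signature name -> list of keys that triggered it."""
    hits = defaultdict(list)
    for ev in events:
        for sig in classify(ev):
            hits[sig].append(ev["key"])
    return dict(hits)


def correlate_bhos(events):
    """BHO CLSID -> server path from its InprocServer32 default value (None if unseen)."""
    inproc, bhos = {}, set()
    for ev in events:
        if ev["op"] not in WRITE_OPS:
            continue
        key = normalize_key(ev["key"])
        m = SIGNATURES["com_server_registration"].search(key)
        if m and ev["name"] == "":          # the (Default) value holds the DLL path
            inproc[m.group(1)] = ev["data"]
        m = SIGNATURES["bho_install"].search(key)
        if m:
            bhos.add(m.group(1))
    return {clsid: inproc.get(clsid) for clsid in bhos}


if __name__ == "__main__":
    for sig, keys in summarize(EVENTS).items():
        print(f"{sig}: {keys}")
    print("BHO -> DLL:", correlate_bhos(EVENTS))
```

The correlation step is the part worth keeping: a BHO key on its own only names a CLSID, and the DLL that IE will actually load is whatever that CLSID's InprocServer32 points at, which here is the dropped file under System32 that the last signature in the list refers to. Run keys and RunOnce are handled for both hives and the Wow6432Node view, but the script deliberately ignores reads, so ordinary startup-manager queries against the Run key do not trigger it.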

MITRE ATT&CK Matrix (ATT&CK v6)

    Tactic            Technique                            Count  ID
    Persistence       Registry Run Keys / Startup Folder   2      T1060
    Persistence       Browser Extensions                   1      T1176
    Defense Evasion   File Permissions Modification        1      T1222
    Defense Evasion   Modify Registry                      3      T1112
    Discovery         Query Registry                       4      T1012
    Discovery         Peripheral Device Discovery          2      T1120
    Discovery         System Information Discovery         5      T1082

The Count column is the number of signatures mapped to each technique in this run. The IDs follow ATT&CK v6; in the current framework T1060 has become sub-technique T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder) and the Windows case of T1222 is T1222.001, so map them before feeding these into a newer ATT&CK-based tool.

Tasks