Resubmissions

Submitted (UTC)       Analysis ID          Score
07/07/2023, 19:28     230707-x6vx7aah77    10
09/05/2023, 07:16     230509-h34zcsgf4w     8
27/03/2023, 11:00     230327-m3yjssdb46    10
25/03/2023, 07:43     230325-jkn1vsdh4z     8
25/02/2023, 11:28     230225-nldnqsda92    10
25/02/2023, 11:28     230225-nk69nada89     1
25/02/2023, 11:24     230225-nh4qrada83    10
15/01/2023, 04:46     230115-fd3c5aab55    10
06/12/2022, 18:59     221206-xm59taea79    10

General

  • Target

    fucker script.exe

  • Size

    104KB

  • Sample

    230327-m3yjssdb46

  • MD5

    db0655efbe0dbdef1df06207f5cb5b5b

  • SHA1

    a8d48d5c0042ce359178d018c0873e8a7c2f27e8

  • SHA256

    52972a23ab12b95cd51d71741db2cf276749e56030c092e2e4f0907dcb1fbd56

  • SHA512

    5adc8463c3e148a66f8afdeefc31f2b3ffeb12b7641584d1d24306b0898da60a8b9b948bb4f9b7d693185f2daa9bd9437b3b84cebc0eabfa84dfcef6938e1704

  • SSDEEP

    1536:m5iT3FccnYWkyjWpOku3yUyJCbyVAvy7+fRo:3LOcxkyjW3wvHq

Malware Config

Targets

    • Target

      fucker script.exe (104KB; same MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Modifies Installed Components in the registry

      Writes under the Active Setup "Installed Components" key; entries there are executed once per user at logon, a common persistence technique.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

      Changes the shell\open\command handler for .exe files, so the modified handler runs whenever an executable is launched via the shell.

    • Registers COM server for autorun

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates an unsuccessful attempt to compromise the parent process.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Detected potential entity reuse from the brand Microsoft.

    • Drops file in System32 directory
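
The signatures above are behavioral, so the same logic can be run over host telemetry when hunting for this activity outside the sandbox. The following is an added example, not part of this report and not the sandbox's own rule code: it maps a few constructed Sysmon-style events (EventID 1 ProcessCreate, 11 FileCreate, 13 RegistryEvent value set) onto the signature names listed above. The event records, the exact registry path patterns, and the lists of document-handler and crash-handler process names are assumptions made for the example; only the signature names come from the report.

```python
"""Map Sysmon-style events onto the sandbox signature names listed in the report.

Added example, not code from the report or the sandbox. The events below are
constructed for illustration; they are not telemetry recorded from the sample.
"""
import re

# Registry patterns matched case-insensitively against Sysmon's TargetObject.
# The paths are the usual locations each signature name refers to (assumption).
REGISTRY_RULES = {
    "Adds Run key to start application":
        re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I),
    "Modifies system executable filetype association":
        re.compile(r"\\(Classes\\)?exefile\\shell\\open\\command", re.I),
    "Modifies Installed Components in the registry":
        re.compile(r"\\Microsoft\\Active Setup\\Installed Components\\", re.I),
    "Registers COM server for autorun":
        re.compile(r"\\CLSID\\\{[0-9A-F-]{36}\}\\(InprocServer32|LocalServer32)", re.I),
}

SYSTEM32 = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I)
# Parents that should not normally launch arbitrary executables (assumed list);
# a child here is the "unexpected child process" indicator.
DOCUMENT_HANDLERS = {"winword.exe", "excel.exe", "acrord32.exe", "outlook.exe"}
# Windows crash handlers; their appearance is the "suspicious child" indicator.
CRASH_HANDLERS = {"werfault.exe", "wermgr.exe"}


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def match_event(ev):
    """Return the signature names a single event triggers (possibly empty)."""
    hits = []
    eid = ev["EventID"]
    if eid == 13:  # RegistryEvent (value set)
        for name, pattern in REGISTRY_RULES.items():
            if pattern.search(ev["TargetObject"]):
                hits.append(name)
    elif eid == 11:  # FileCreate
        if SYSTEM32.match(ev["TargetFilename"]):
            hits.append("Drops file in System32 directory")
    elif eid == 1:  # ProcessCreate
        parent, child = basename(ev["ParentImage"]), basename(ev["Image"])
        if child in CRASH_HANDLERS:
            hits.append("Process spawned suspicious child process")
        elif parent in DOCUMENT_HANDLERS and child.endswith(".exe"):
            hits.append("Process spawned unexpected child process")
    return hits


def triage(events):
    """Aggregate hits as {signature name: [indices of matching events]}."""
    report = {}
    for i, ev in enumerate(events):
        for name in match_event(ev):
            report.setdefault(name, []).append(i)
    return report


# Constructed events standing in for Sysmon output (not from the sample).
SAMPLE_EVENTS = [
    {"EventID": 1, "ParentImage": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "Image": r"C:\Users\victim\AppData\Local\Temp\fucker script.exe"},
    {"EventID": 13, "TargetObject":
     r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"EventID": 13, "TargetObject":
     r"HKLM\SOFTWARE\Classes\exefile\shell\open\command\(Default)"},
    {"EventID": 13, "TargetObject":
     r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{ABCDEF01-1234-5678-9ABC-DEF012345678}\StubPath"},
    {"EventID": 13, "TargetObject":
     r"HKU\S-1-5-21-1\Software\Classes\CLSID\{ABCDEF01-1234-5678-9ABC-DEF012345678}\InprocServer32\(Default)"},
    {"EventID": 11, "TargetFilename": r"C:\Windows\System32\drivers\etc\evil.dll"},
    {"EventID": 1, "ParentImage": r"C:\Users\victim\AppData\Local\Temp\fucker script.exe",
     "Image": r"C:\Windows\System32\WerFault.exe"},
    # Benign registry write that should match nothing.
    {"EventID": 13, "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Notepad\WindowSize"},
]

if __name__ == "__main__":
    for sig, idx in sorted(triage(SAMPLE_EVENTS).items()):
        print(f"{sig}: events {idx}")
```

The rules are deliberately narrow: a write to the exefile handler or a CLSID server path under a user hive is worth an alert on its own, whereas Run-key writes are noisy and would normally be filtered against a baseline of known installers before paging anyone. Read-only checks in the report (Uninstall key enumeration, the country-code lookup, drive enumeration) do not appear here because Sysmon records registry writes, not reads.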

MITRE ATT&CK Enterprise v6

Tasks
