General

  • Target

    BDCAMSETUP_ENG_5_1_1_1837.EXE

  • Size

    21.4MB

  • Sample

    230331-xnz47acf46

  • MD5

    060bea29b3e2c6e476cbd2d4b10ee495

  • SHA1

    e58f23d42d15fb4dbca276540bbb637b2724dce9

  • SHA256

    f2be132811577aea485de36890e65d1ff5e79c470e0c73b880268bd6d241ca5e

  • SHA512

    d3cf94ea30eb020bfc43a474fbebf44b074efd9a5f1d91f440e445f1c5edbbef0560ba134512540a26696c4ba94803be6a7fc0d9a75a3e3e5f02584c4ccf3c72

  • SSDEEP

    393216:YtmljDgTsny1KqhbhBS0YK7Vqtkr3fdqdhPuXHvtWNfznm4h4vu:UmBgIrA9BS0YK74kr3lqd0PYNr/h4vu

Targets

    • Target

      BDCAMSETUP_ENG_5_1_1_1837.EXE

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger
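
The signatures above are behavioural rules evaluated over the sandbox's API and registry trace. The following Python is an added example, not code from the report or from the sandbox vendor, that re-derives the same signatures from a constructed trace. Everything in it is an assumption of the example: the event schema (a list of dicts with "api", "path" and a few optional fields), the registry-path patterns, the made-up sample paths and GUID, and the signature-to-technique mapping (the report lists the technique IDs but not which signature produced each).

```python
"""Added example: a small rule engine that re-derives the report's behavioural
signatures from an API/registry trace.

The event schema is an assumption made for this example (a list of dicts with
"api", "path" and a few optional fields); it is not the sandbox's real trace
format, and SAMPLE_TRACE is constructed, not taken from the report.
"""
import re
from collections import defaultdict

# Registry paths the report's signatures and ATT&CK mappings hinge on.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)(\\|$)", re.I)
UNINSTALL_KEY_RE = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I)
COM_SERVER_RE = re.compile(
    r"\\CLSID\\\{[0-9A-Fa-f-]+\}\\(InprocServer32|LocalServer32)(\\|$)")
SYSTEM32_RE = re.compile(r"^[A-Za-z]:\\Windows\\System32\\", re.I)
THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS value for ThreadHideFromDebugger

# Signature -> (ATT&CK v6 ID, technique name). This mapping is the example's
# assumption; the report lists the IDs but not which signature produced each.
# T1060 was retired in later ATT&CK versions (the current ID is T1547.001).
ATTACK_V6 = {
    "Registry Run Keys / Startup Folder": ("T1060", "Registry Run Keys / Startup Folder"),
    "Registers COM server for autorun": ("T1112", "Modify Registry"),
    "Checks installed software on the system": ("T1012", "Query Registry"),
}


def analyze(events):
    """Return {signature name: [supporting events]} for one trace."""
    hits = defaultdict(list)
    dropped = set()  # lower-cased paths this trace itself wrote
    for ev in events:
        api, path = ev["api"], ev.get("path", "")
        key = path.lower()
        if api == "CreateFile" and ev.get("write"):
            dropped.add(key)
            if SYSTEM32_RE.match(path):
                hits["Drops file in System32 directory"].append(ev)
        elif api == "CreateProcess" and key in dropped:
            # Only a file written earlier in this trace counts as "dropped".
            hits["Executes dropped EXE"].append(ev)
        elif api == "LoadLibrary" and key in dropped:
            hits["Loads dropped DLL"].append(ev)
        elif api == "RegSetValue":
            if RUN_KEY_RE.search(path):
                hits["Registry Run Keys / Startup Folder"].append(ev)
            if COM_SERVER_RE.search(path):
                hits["Registers COM server for autorun"].append(ev)
        elif api in ("RegOpenKey", "RegQueryValue") and UNINSTALL_KEY_RE.search(path):
            hits["Checks installed software on the system"].append(ev)
        elif (api == "NtSetInformationThread"
              and ev.get("info_class") == THREAD_HIDE_FROM_DEBUGGER):
            hits["Suspicious use of NtSetInformationThreadHideFromDebugger"].append(ev)
    return dict(hits)


def attack_summary(hits):
    """Collapse signature hits into per-technique counts, as a report matrix shows them."""
    counts = defaultdict(int)
    for sig, events in hits.items():
        if events and sig in ATTACK_V6:
            counts[ATTACK_V6[sig][0]] += 1
    return dict(counts)


# Constructed trace for demonstration; every path, name and GUID is made up.
SAMPLE_TRACE = [
    {"pid": 100, "api": "CreateFile", "write": True,
     "path": r"C:\Users\user\AppData\Local\Temp\setup_helper.exe"},
    {"pid": 100, "api": "CreateProcess",
     "path": r"C:\Users\user\AppData\Local\Temp\setup_helper.exe"},
    {"pid": 100, "api": "CreateFile", "write": True,
     "path": r"C:\Windows\System32\example_codec.dll"},
    {"pid": 101, "api": "LoadLibrary", "path": r"C:\Windows\System32\example_codec.dll"},
    {"pid": 101, "api": "RegSetValue", "value": "(Default)",
     "path": r"HKCR\CLSID\{00000000-1111-2222-3333-444444444444}\InprocServer32"},
    {"pid": 101, "api": "RegSetValue", "value": "ExampleUpdater",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},
    {"pid": 101, "api": "RegOpenKey",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"pid": 101, "api": "RegQueryValue", "value": "DisplayName",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SomeProduct"},
    {"pid": 101, "api": "NtSetInformationThread", "info_class": 0x11},
    {"pid": 101, "api": "RegSetValue", "value": "Lang",
     "path": r"HKCU\Software\Example\Settings"},  # benign write, matches nothing
]

if __name__ == "__main__":
    result = analyze(SAMPLE_TRACE)
    for sig, events in result.items():
        print(f"{sig}: {len(events)} event(s)")
    print(attack_summary(result))
```

Two points worth keeping in mind when porting rules like these to endpoint telemetry: "dropped" is a property of the trace (a file the sample wrote before executing or loading it), so the rule needs state across events rather than a per-event pattern; and the Uninstall-key signature depends on observing registry reads, which Sysmon's registry events (key create/delete, value set, rename) do not record, so on a live host it needs an API-level or ETW source rather than Sysmon alone.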

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic           Technique                            Count  ID
  Persistence      Registry Run Keys / Startup Folder   1      T1060
  Defense Evasion  Modify Registry                      1      T1112
  Discovery        Query Registry                       1      T1012
  Discovery        System Information Discovery         1      T1082

  The IDs follow ATT&CK v6. T1060 has since been retired; in current ATT&CK the equivalent is T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder).