General

  • Target

    jokemansdick.png

  • Size

    92KB

  • Sample

    230730-rsljpsae3t

  • MD5

    7c6e0a7679916d58c28171fb9a5c5728

  • SHA1

    61c73a4d89901210ab386fd95e5c999d6562d26f

  • SHA256

    1dcb7bffabc91c3b7d067851af661f06ab957c25b2c1151741adbbf733cbade5

  • SHA512

    336884c0bfa24e80e9cd3d5e77fc73288429e3a49edf31e9f38dbad1259407150672cfc58d87b29e0f97485028ea5bad972bc7dee56121fb8293d9204f2ac5c6

  • SSDEEP

    1536:d9zkbTQq/NKrb8q1+G1jPs7bPf3JayJUMRmczM0zoegD9Vfk4zgcW1mVJBHGp1:d94wqFKMqcwPsvf5aytwczM/egxVfW1z

Targets

    • Modifies Installed Components in the registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Registers COM server for autorun

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
