Resubmissions

24-11-2023 13:04

231124-qa6w9abb82 10

24-11-2023 12:34

231124-pr17nabf4s 10

General

  • Target

    IMG_0750.jpg

  • Size

    303KB

  • Sample

    231124-pr17nabf4s

  • MD5

    2a51b0a807d9f22493f43f274bd296d9

  • SHA1

    c08d9785eea512083446f288befd05962685dcfb

  • SHA256

    602d10d51dbe982c7734ea506d7bde39e55cca7a183f5356f640b473bbcd729b

  • SHA512

    94426032f3c72bc6438235349aba0aff69a11ae838b426c042655d688231bddd1ef4d2a5de2410183719d3dc504e664c1d54af4ceaaeef64bcc51f495402ada5

  • SSDEEP

    6144:rT05ChxRejc33RlgRS6iIbYYBe/tww3AF+7Oq/RQ025bFgZYp:r0URejcHMWAe/tqFeR/kGZa

Malware Config

Targets

    • Target

      IMG_0750.jpg

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • BadRabbit

      Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.

    • Deletes NTFS Change Journal

      The USN change journal is a persistent NTFS log of changes made to files on a volume, maintained by Windows generally (not only Windows Server). Deleting it, for example with fsutil usn deletejournal, destroys a record that forensic tooling relies on to reconstruct file activity.

    • Mimikatz

      mimikatz is an open source tool to dump credentials on Windows.

    • Async RAT payload

    • Clears Windows event logs

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory
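The signatures above name three behaviours a defender can hunt for in process-creation telemetry: deletion of the NTFS change journal, clearing of Windows event logs, and Mimikatz-style credential dumping. The following is an added example of that detection logic and is not output of the sandbox or code from the sample; it runs over constructed Sysmon-style (Event ID 1) records, and the command lines, image paths and the hypothetical parent process are invented, since the report does not show the exact commands the sample executed.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed Sysmon-style process-creation records (invented for this
# example; the report does not list the sample's real command lines).
# The parent path is a hypothetical dropped payload.
PARENT = r"C:\Users\victim\AppData\Roaming\dropped.exe"
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\fsutil.exe",
     "CommandLine": r"fsutil usn deletejournal /D C:",
     "ParentImage": PARENT},
    {"Image": r"C:\Windows\System32\wevtutil.exe",
     "CommandLine": r"wevtutil.exe cl Security",
     "ParentImage": PARENT},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r'powershell -nop -c "Clear-EventLog -LogName System"',
     "ParentImage": PARENT},
    {"Image": r"C:\Users\victim\AppData\Local\Temp\m.exe",
     "CommandLine": r'm.exe "privilege::debug" "sekurlsa::logonpasswords" exit',
     "ParentImage": PARENT},
    # Benign look-alikes that must NOT fire: querying the journal, listing logs.
    {"Image": r"C:\Windows\System32\fsutil.exe",
     "CommandLine": r"fsutil usn queryjournal C:",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\wevtutil.exe",
     "CommandLine": r"wevtutil el",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
]

# Signature name (as used on this page) -> command-line pattern.
# fsutil/wevtutil are real Windows tools; the regexes are this example's own.
RULES = [
    ("Deletes NTFS Change Journal",
     re.compile(r"\bfsutil(?:\.exe)?\s+usn\s+deletejournal\b", re.I)),
    ("Clears Windows event logs",
     re.compile(r"\bwevtutil(?:\.exe)?\s+(?:cl|clear-log)\b|\bClear-EventLog\b", re.I)),
    ("Mimikatz",
     re.compile(r"\b(?:sekurlsa|lsadump|privilege)::", re.I)),
]


@dataclass(frozen=True)
class Hit:
    signature: str
    image: str
    command_line: str
    parent_image: str


def detect(events):
    """Return one Hit per (event, rule) match, preserving event order."""
    hits = []
    for ev in events:
        cmd = ev.get("CommandLine", "")
        for name, pattern in RULES:
            if pattern.search(cmd):
                hits.append(Hit(name, ev.get("Image", ""), cmd,
                                ev.get("ParentImage", "")))
    return hits


def summarize(hits):
    """Count hits per signature and per parent: several anti-forensic
    commands spawned by one parent is the strong signal, a lone fsutil
    call from an admin shell is the usual false positive."""
    return {
        "by_signature": dict(Counter(h.signature for h in hits)),
        "by_parent": dict(Counter(h.parent_image for h in hits)),
    }


if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for h in found:
        print(f"[{h.signature}] {h.image} :: {h.command_line}")
    print(summarize(found))
```

Matching on the command line rather than the image name catches renamed binaries and PowerShell equivalents alike; the queryjournal and "wevtutil el" records are included precisely to show that the patterns do not fire on read-only use of the same tools.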

MITRE ATT&CK Enterprise v15

Tasks