General

  • Target: 13773976274.zip

  • Size: 1.4MB

  • Sample: 231221-mbst8sgegj

  • MD5: b3e2307be7797bc5668fce5cf9a486fb

  • SHA1: 5138d4b12e921b5bda527a9debbbf6e122ee3722

  • SHA256: eb6e09a045333d352be7ba08268751b7d012623b4f3d5ba27f5ad3634ba3804d

  • SHA512: 6dad564d3a4eb35aa70ef0f981294f130789a95169cbef85fe336cfc7f55ff2c19b5b3d16f929e26f5b6b2b4385393892224af2f8c493a7762775b634a9c8fae

  • SSDEEP: 24576:qDpWYgQrtpPReFVSPDH/2rqB/YdO0wHC7WRyT3OnPdHWd8047npg7s/I:QpXgQB/eFV4DH/2+B/4wHC4uSHBS7s/I

Malware Config

Targets

    • Target: 8c44b52b3db1af62152ca2ec939477e65d85041b800e925258d82e9e9c52b81a

    • Size: 1.7MB

    • MD5: 18352c4a2a2b6c1782fbe385ce306b09

    • SHA1: 83795235962d2f3d83ad0c06a7ff5a240ecdd115

    • SHA256: 8c44b52b3db1af62152ca2ec939477e65d85041b800e925258d82e9e9c52b81a

    • SHA512: 337ed56c4889cb025501c4709c6a7e16db591a2103db6cb744c2538564bc422c40df33540ad9b3fedee8700426558fb0889b86f2524089cd1e586bc499a436e3

    • SSDEEP: 24576:X+FYqowvitLVaoAeAKKdIAm9Fx8gPwCH/lwQk5uv5f01d63kH3b/d2/rMeSx7cTl:X+FYqNitLVaoAeAXCSQkoxs1dfxQMH

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file: detects executables packed with the UPX open-source packer or a modified UPX.

    • VMProtect packed file: detects executables packed with the VMProtect commercial packer.

    • Adds Run key to start application

    • Blocklisted process makes network request

    • Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks