General
- Target: 040683f0a3ee62f04d1f3d230b5012af
- Size: 747KB
- Sample: 231224-s2nabsggb2
- MD5: 040683f0a3ee62f04d1f3d230b5012af
- SHA1: ab0e039ae600b910763dd542843125f11d6c20a5
- SHA256: 33fc2fd4d85b1d04c8ba5307a4ebe46aa8088fd4d60c4005d11b7833b0f717e6
- SHA512: ff292abe736d20b2486baf3a3f9ebf87a07c89665dcb985fd0e674b1884d74c62f990262fc3491569d40bee7acd1f7e48fbd06de446706246f326f3638a89df1
- SSDEEP: 12288:xCTPgrnZiJiAaMVkUet7EwBI+APu4UjCFmZcZlyNGUO:xCTPMAzVkUetVI5u4+CFmZu4PO
Static task: static1
Behavioral task: behavioral1
- Sample: 040683f0a3ee62f04d1f3d230b5012af.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 040683f0a3ee62f04d1f3d230b5012af.exe
- Resource: win10v2004-20231215-en
Malware Config
Targets
- Target: 040683f0a3ee62f04d1f3d230b5012af
- Size: 747KB
Score: 10/10
Signatures
- Modifies visibility of file extensions in Explorer
- Disables use of System Restore points
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
- Adds Run key to start application
- Drops desktop.ini file(s)
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Event Triggered Execution (1): Change Default File Association (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Event Triggered Execution (1): Change Default File Association (1)
Defense Evasion
- Hide Artifacts (1): Hidden Files and Directories (1)
- Modify Registry (3)