General

  • Target

    188202eedc45fc7c3f1799fbf449209a

  • Size

    41KB

  • Sample

    231230-pm3vpaagh6

  • MD5

    188202eedc45fc7c3f1799fbf449209a

  • SHA1

    59e58949c6cabc5f74cabef002c54c3b097eeeb3

  • SHA256

    5fd3f8fb423272aca3aa2d1eef9bf062e207f4e34aeeab683ef9f3a7f737d848

  • SHA512

    5180792a598cff9071c21cd84b1cd8ec56b36dd1c97723885fd6a2c3e4f85214777e5e175ebcf73d0dcae05a052721dc53f54d4207387bcf074e4410c54e6b36

  • SSDEEP

    768:KvBgclfRsHJhSS2/TsiD9e12jECpBvU+z6Isas06E+:KE/nwTl9e12Jpu+z5ds06E

Targets

    • Modifies firewall policy service

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect packer (versions 1.3x to 1.4x).

    • Deletes itself

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer. They are loaded into every Internet Explorer process, which makes the Browser Helper Objects registry key a common persistence point.

    • Modifies WinLogon

    • Drops file in System32 directory

Tasks