General

  • Target

    aabc6b208bebc60a59919dbb1b05c073.exe

  • Size

    439KB

  • Sample

    240107-x4a51adce4

  • MD5

    aabc6b208bebc60a59919dbb1b05c073

  • SHA1

    685a9ee9dd7665b8da2d4d32bdc6f26c000f4f7b

  • SHA256

    3a87152b59c7d10ce42a50478fe7776191023004da7a60bb21dc5847881fb9e7

  • SHA512

    5e60f8556472e73b68c849e338e0059620c245ffec45353b95591c96e8eab3a9d1c77230232309b7e6a7d2e5134ed543d86ff083dc1e91f24d8c0253927a6a17

  • SSDEEP

    3072:TfTflRNjzPF5OncVbrCVru0K67rMjb+2:LTfbz5W6bEu0LMjb+2

Malware Config

Targets

    • Target

      aabc6b208bebc60a59919dbb1b05c073.exe

    • Size

      439KB

    • MD5

      aabc6b208bebc60a59919dbb1b05c073

    • SHA1

      685a9ee9dd7665b8da2d4d32bdc6f26c000f4f7b

    • SHA256

      3a87152b59c7d10ce42a50478fe7776191023004da7a60bb21dc5847881fb9e7

    • SHA512

      5e60f8556472e73b68c849e338e0059620c245ffec45353b95591c96e8eab3a9d1c77230232309b7e6a7d2e5134ed543d86ff083dc1e91f24d8c0253927a6a17

    • SSDEEP

      3072:TfTflRNjzPF5OncVbrCVru0K67rMjb+2:LTfbz5W6bEu0LMjb+2

    • Modifies firewall policy service

    • Modifies security service

    • Modifies visibility of file extensions in Explorer

    • Modifies visiblity of hidden/system files in Explorer

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Disables taskbar notifications via registry modification

    • Drops file in Drivers directory

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks