General

  • Target

    89f0653e7418d187e2635f8ef49b3392

  • Size

    477KB

  • Sample

    240202-tf4wmacbfp

  • MD5

    89f0653e7418d187e2635f8ef49b3392

  • SHA1

    a0eeb1c89d130ba2e1672b74d874e0b3d73ae1fd

  • SHA256

    37e59bcf6384f14899eb5b1c585ebfd5262bb09d6f0b776ccd5253938dde6e5d

  • SHA512

    8d78d060caa4201c22c08b33b6d1bfcf6562250effb5e3ee2704170b3f0c1f240ff54f96d90af914620f8960d70dec8c4e2ab7e06c09c5c3747ca4979d6c16d2

  • SSDEEP

    12288:D5OnhBwgGIzzXB1nUMER+yqPZuReYoltn:DInUg7PXBuMERShoeBtn

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Adds policy Run key to start application

    • Drops file in Drivers directory

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Modifies WinLogon

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks