General

  • Target

    1414b254f44bba8e17b01983dc22adde.bin

  • Size

    35.1MB

  • Sample

    240203-bdwhcsffeq

  • MD5

    acd5a939c1f76ab906dd816bf3359ced

  • SHA1

    6684d6574e2e02e9f85a871e8371bd1bf4b6bbaf

  • SHA256

    e180a6af920dd1910d277e1d969d0d3367d221ee7dd84331b2f98b98be3b853b

  • SHA512

    46c1ae3cafa20eb0c140388cabbaab2309a1b47bd119b44a17dc382f0ea067e95d33bb81289d4a2cef983c056fb3fc3430517de7d9906e17d4660c6ec2e38c2b

  • SSDEEP

    786432:+ci8iSfDbgEgDZeMXMxuHrY/sEltzJ31lqrpBXzn:68TfDbgNdP3LM/J310rpBXzn

Malware Config

Targets

    • Target

      474fbd180a26139e8013595adedc0ce2bb434677ae667093f86d4a59b11c7045.msi

    • Size

      35.2MB

    • MD5

      1414b254f44bba8e17b01983dc22adde

    • SHA1

      a12059b028647968a03d9483815dc5c13bb4b841

    • SHA256

      474fbd180a26139e8013595adedc0ce2bb434677ae667093f86d4a59b11c7045

    • SHA512

      1ea087707ab1f63af26950714d11376bd284984dca4069ab5adf5e35b766b82c6f65447d770ada792a4d1e334e6f5952c0f917e227f3b318986bea819f33e899

    • SSDEEP

      786432:XotrfQO1b8zWttlyhgMglwI4nFbZ2s7i4iOXmditJf0nnPl1x:4trPozWtPyhXJdi4i7EtW91

    • NetSupport

      NetSupport is a remote access tool sold as a legitimate system administration software.

    • Adds Run key to start application

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Modifies Windows Firewall

MITRE ATT&CK Enterprise v15

Tasks