Resubmissions

03/02/2024, 04:35

240203-e7tgmshcg8 8

03/02/2024, 04:28

240203-e36leabfcr 6

03/02/2024, 04:15

240203-et7gcaghd7 3

General

  • Target

    BloxFruits.png

  • Size

    9KB

  • Sample

    240203-e7tgmshcg8

  • MD5

    985421e822bf38d8d08076dfb841f64f

  • SHA1

    d9c695a9a7685e17dc7dc2736c1dc2ade51c1fa5

  • SHA256

    e66aa15e8cd1227dc654ef8f70b4cf0e6e7981c9fe410134b2e0912305e7f81d

  • SHA512

    00fe19ee8dd19856b30d6f5da774c1c8ffcfd5f09a6f30f26aabb2aebc1c366317c205a2285a40d3a83d335d2756f7d671f626723c6a8d47428447f512d6cc58

  • SSDEEP

    192:wYo8O47AWLvyv56EWbALNkL7dgBMoBr/v8e1QDbOP9qnu+4RkY+hKWF:wF8dAWLvYCOMoFE+QsAnmkYq
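The target carries a .png extension, yet the behaviours recorded further down (MZ/PE download, dropped EXE execution) are those of a Windows executable. A first triage step is therefore to compare the extension a file claims with its leading bytes and to compute the same digest set the report lists, so the digests above can be matched against what you hold. The following Python is an added example, not part of the report or of the sandbox's own tooling; the magic-byte table, the sample inputs and the file names are constructed for illustration, and the constructed blob is not the reported sample, so its SHA256 will not equal the one above.

```python
import hashlib

# Magic-byte table for the container types that matter here (constructed for this example).
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"MZ": "pe",          # DOS stub header of a Windows executable
    b"\x7fELF": "elf",
    b"PK\x03\x04": "zip",
}

def detect_type(data: bytes) -> str:
    """Return the type implied by the leading bytes, or 'unknown'."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return "unknown"

def digests(data: bytes) -> dict:
    """Compute the same digest set the report lists (MD5, SHA1, SHA256, SHA512)."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}

def triage(filename: str, data: bytes) -> dict:
    """Compare the extension a file claims with what its bytes say, plus digests."""
    claimed = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    actual = detect_type(data)
    report = {
        "name": filename,
        "size": len(data),
        "claimed": claimed,
        "actual": actual,
        # Only flag when both sides are known and disagree.
        "mismatch": bool(claimed) and actual != "unknown" and actual != claimed,
    }
    report.update(digests(data))
    return report

def matches_known(report: dict, known_sha256: str) -> bool:
    """True if the triaged bytes are the sample identified by a known SHA256."""
    return report["sha256"].lower() == known_sha256.lower()

# Constructed inputs (not the sample from the report): a minimal blob with a DOS/PE header
# saved under a .png name, and a genuine PNG signature.
FAKE_PE = (b"MZ" + b"\x00" * 58            # e_magic, padding up to e_lfanew at offset 0x3c
           + (0x40).to_bytes(4, "little")   # e_lfanew -> PE header at 0x40
           + b"PE\x00\x00" + b"\x00" * 100)
REAL_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\x0dIHDR"

# SHA256 from the report above; the constructed blob is not that file, so this will not match.
PAGE_SHA256 = "e66aa15e8cd1227dc654ef8f70b4cf0e6e7981c9fe410134b2e0912305e7f81d"

if __name__ == "__main__":
    for name, blob in (("BloxFruits.png", FAKE_PE), ("image.png", REAL_PNG)):
        r = triage(name, blob)
        print(f"{name}: claims {r['claimed']}, is {r['actual']}, "
              f"mismatch={r['mismatch']}, sha256={r['sha256'][:16]}..., "
              f"is_report_sample={matches_known(r, PAGE_SHA256)}")
```

Run it against the real file (read in binary mode) and `matches_known` confirms you have the same bytes the sandbox analysed; a `mismatch` of True on a .png is the cue to treat the file as an executable rather than an image.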

Malware Config

Targets

    • Target: BloxFruits.png (9KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)

    • Downloads MZ/PE file

      A file beginning with the MZ header (a Windows executable) was retrieved over the network during the run, even though the submitted target carries a .png extension.

    • Modifies Installed Components in the registry

      Entries under Active Setup\Installed Components run their StubPath command once per user at logon and are a known persistence location.

    • Sets file execution options in registry

      Image File Execution Options (IFEO) entries can attach a "Debugger" value to a program name, so that launching that program runs the attacker-chosen binary instead.

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

      A CLSID whose InprocServer32 DLL is referenced from a startup location such as ShellServiceObjectDelayLoad is loaded automatically by the shell, giving persistence without a Run key.

    • Checks installed software on the system

      Looks up Uninstall key entries (SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) in the registry to enumerate software on the system, which can reveal analysis tools or security products.

    • Checks whether UAC is enabled

      Typically a read of the EnableLUA value under SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System; the result often decides whether a UAC bypass or a plain elevation prompt is attempted.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer; they are registered by CLSID under Explorer\Browser Helper Objects and load inside the browser process, where they can intercept traffic and page content.

    • Legitimate hosting services abused for malware hosting/C2

      Payloads or commands are fetched from a public hosting or CDN service, so domain reputation alone will not block the traffic; the specific URL or path is the useful indicator.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments (for example BIOS, disk or video identifiers that reveal a virtual machine).

    • Drops file in System32 directory

      Writing into %SystemRoot%\System32 requires administrative rights and lets a dropped binary masquerade as a system component.

    • Suspicious use of NtCreateThreadExHideFromDebugger

      A thread created with the THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER flag generates no debug events, so an attached debugger never sees it.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      NtSetInformationThread with the ThreadHideFromDebugger class (0x11) detaches the calling thread from the debugger; any breakpoint hit afterwards in that thread terminates the process, which is a classic anti-debugging move.
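Most of the signatures above come down to a handful of registry keys, so the same logic can be replayed over a host's own registry telemetry (Sysmon event ID 12/13 or an EDR trace) to find the behaviour outside the sandbox. The following Python is an added example, not part of the report and not the sandbox's own rule set: it runs a small rule table modelled on six of the signature names against a constructed list of registry events. The key paths are the standard Windows locations; the event record format, process IDs, GUID, file paths and the enumeration threshold are assumptions made for the example.

```python
import re
from collections import defaultdict

# Rule table, written for this example after the signature names in the report.
# Each entry: (signature, event type, key pattern, value pattern or None). Key paths are the
# standard Windows locations; the event format and thresholds are assumptions.
RULES = [
    ("Sets file execution options in registry", "set",
     r"\\Image File Execution Options\\[^\\]+$", r"^Debugger$"),
    ("Modifies Installed Components in the registry", "set",
     r"\\Active Setup\\Installed Components\\", r"^StubPath$"),
    ("Installs/modifies Browser Helper Object", "set",
     r"\\Explorer\\Browser Helper Objects\\\{[0-9A-Fa-f-]+\}", None),
    ("Registers COM server for autorun", "set",
     r"\\ShellServiceObjectDelayLoad$", None),
    ("Checks whether UAC is enabled", "read",
     r"\\Policies\\System$", r"^EnableLUA$"),
    ("Checks system information in the registry", "read",
     r"\\HARDWARE\\DESCRIPTION\\System$", r"^(System|Video)BiosVersion$"),
]
COMPILED = [(sig, et, re.compile(k, re.I), re.compile(v, re.I) if v else None)
            for sig, et, k, v in RULES]

# Reading many Uninstall subkeys is software enumeration; a single read is normal.
UNINSTALL_RE = re.compile(r"\\CurrentVersion\\Uninstall\\([^\\]+)", re.I)
UNINSTALL_THRESHOLD = 5

def match_events(events):
    """Map each pid to the sorted list of signatures its registry events triggered."""
    hits = defaultdict(set)
    uninstall_seen = defaultdict(set)
    for ev in events:
        pid, etype, key, value = ev["pid"], ev["type"], ev["key"], ev.get("value", "")
        for sig, rule_type, key_re, val_re in COMPILED:
            if etype == rule_type and key_re.search(key) and (val_re is None or val_re.match(value)):
                hits[pid].add(sig)
        if etype == "read":
            m = UNINSTALL_RE.search(key)
            if m:
                uninstall_seen[pid].add(m.group(1).lower())
    for pid, subkeys in uninstall_seen.items():
        if len(subkeys) >= UNINSTALL_THRESHOLD:
            hits[pid].add("Checks installed software on the system")
    return {pid: sorted(sigs) for pid, sigs in hits.items()}

# Constructed trace: pid 1234 behaves like the report's signatures; pid 5678 is benign noise.
SAMPLE_EVENTS = [
    {"pid": 1234, "type": "set",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe",
     "value": "Debugger", "data": r"C:\Users\Public\dropped.exe"},
    {"pid": 1234, "type": "read",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", "value": "EnableLUA"},
    {"pid": 1234, "type": "set",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}",
     "value": "", "data": ""},
    {"pid": 1234, "type": "set",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad",
     "value": "Example", "data": "{11111111-2222-3333-4444-555555555555}"},
    {"pid": 5678, "type": "read",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced", "value": "Hidden"},
    {"pid": 5678, "type": "read",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\App0", "value": "DisplayName"},
] + [
    {"pid": 1234, "type": "read",
     "key": rf"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\App{i}", "value": "DisplayName"}
    for i in range(6)
]

if __name__ == "__main__":
    for pid, sigs in match_events(SAMPLE_EVENTS).items():
        print(pid, sigs)
```

The UAC and system-information reads are low-signal on their own (installers and inventory agents do both); the combination with an IFEO Debugger write or a BHO registration in the same process is what lifts the score, which is why the rules are aggregated per pid rather than reported one event at a time.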

MITRE ATT&CK Enterprise v15

Tasks