General

  • Target

    9028afc1026abf5af3eac15fdd310151

  • Size

    1.4MB

  • Sample

    240204-zy62lachdn

  • MD5

    9028afc1026abf5af3eac15fdd310151

  • SHA1

    bf9d8c46451e81cf02b1c571e9490f61cbc63a70

  • SHA256

    c8751539003cd5b53b19b70c0b1952612a0553bdd4453b68165f55b2073a2514

  • SHA512

    b5f9fa71cc72323501710636f5a51ecc46b5f8952ff0fcda1e2f1d4abb4f08f3b4c4f80e502666345148d37ade340d77cfb382e85e2bc08849bf32f5e73f5843

  • SSDEEP

    24576:VP9/vZkfUkcMZdmo8ubODPwXoAHpqxgWPzt4m0898DqY1M9lxrZHj7B:Z9HZt9MTmomTwXvqxsw8D2lxBPB

Malware Config

Targets

    • Target

      HijackThis.exe

    • Size

      1.4MB

    • MD5

      9be913750ae4181f5f382734368fa1fc

    • SHA1

      3aac08e3183d20bb3ea21ea756bdd99ed350aa58

    • SHA256

      1752839ecb3b9dd21d218e9ad96670f0e9b87d2bcf412a5c5ff5668468085f34

    • SHA512

      a63b215eaabd43623448bcaaef5f3c08968bc67d2fc1a2a7e8f75ee8f762d5bfa9e62230a50f9471be63134fc2ef6bfa8f5f78a229b79436c4243c81934a6f2f

    • SSDEEP

      24576:jV7cEhRAT50Mu3QdONjZlnBQswAu7eH+zA+cMrZDYu45VclQ8IEGF/B20fFB+57p:j3CxHONDnB3wPe2cO9n45Vcz+/UQm57

    • Checks computer location settings

      Looks up the country code configured in the registry (the user's location is stored under HKCU\Control Panel\International\Geo), most likely for geofencing, i.e. refusing to run in certain regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the open-source UPX packer. Stock UPX output can be restored with `upx -d`; a modified build usually breaks that, so the packed sample has to be unpacked dynamically.

    • Adds Run key to start application

    • Checks installed software on the system

      Enumerates installed software by reading the subkeys of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, a lookup often used to fingerprint the host or to spot security and analysis tooling.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that act as plugins for Internet Explorer. They are registered as CLSID subkeys under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects and are loaded into every Internet Explorer process, which makes them a persistence and browser-interception mechanism.

    • Drops file in System32 directory
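The behaviours listed above all leave host artifacts that can be checked on a suspect machine. The script below is an added triage example, not part of the sandbox report and not code from the sample: it reads the location key the geofence check consults, lists Run/RunOnce entries that launch from user-writable directories, resolves registered Browser Helper Objects to their DLLs, lists recently written binaries in System32 with their signature status, and performs a static UPX section-name check. The seven-day window and the `C:\cases\HijackThis.exe` path are assumptions for illustration.

```powershell
# Added triage script (not from the report or the sample). Run in an elevated PowerShell
# on the host under investigation; adjust the cutoffs and paths to the incident timeline.

# 1. Location settings the "geofence" lookup reads: HKCU\Control Panel\International\Geo.
function Get-GeoSettings {
    $geo = Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue
    [pscustomobject]@{ Nation = $geo.Nation; Name = $geo.Name }
}

# 2. Run/RunOnce entries, flagging commands that start from user-writable locations.
function Get-RunKeyEntries {
    $keys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    $suspiciousDirs = 'AppData', 'Temp', 'ProgramData', 'Public', 'Downloads'
    foreach ($key in $keys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }          # skip PowerShell provider metadata
            $cmd = [string]$p.Value
            [pscustomobject]@{
                Key        = $key
                Name       = $p.Name
                Command    = $cmd
                Suspicious = [bool]($suspiciousDirs | Where-Object { $cmd -match "\\$_\\" })
            }
        }
    }
}

# 3. Browser Helper Objects: each subkey is a CLSID; resolve it to the DLL IE would load
#    (32-bit registrations on 64-bit Windows live under Wow6432Node).
function Get-BrowserHelperObjects {
    $bhoKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
               'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    foreach ($key in $bhoKeys) {
        Get-ChildItem -Path $key -ErrorAction SilentlyContinue | ForEach-Object {
            $clsid = $_.PSChildName
            $dll = foreach ($cls in "HKLM:\SOFTWARE\Classes\CLSID\$clsid",
                                    "HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID\$clsid") {
                (Get-ItemProperty -Path "$cls\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
            }
            $dll = $dll | Where-Object { $_ } | Select-Object -First 1
            $sig = if ($dll -and (Test-Path -LiteralPath $dll)) { (Get-AuthenticodeSignature -FilePath $dll).Status } else { 'n/a' }
            [pscustomobject]@{ CLSID = $clsid; Dll = $dll; Signature = $sig }
        }
    }
}

# 4. Binaries recently written into System32 (the dropped-file behaviour), with signature status.
function Get-RecentSystem32Files {
    param([int]$Days = 7)   # window is an assumption; widen it to cover the incident
    $cutoff = (Get-Date).AddDays(-$Days)
    Get-ChildItem -Path "$env:windir\System32" -File -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -gt $cutoff -and $_.Extension -in '.exe', '.dll', '.sys' } |
        ForEach-Object {
            [pscustomobject]@{
                Path      = $_.FullName
                Written   = $_.LastWriteTime
                Signature = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
            }
        }
}

# 5. Static UPX check: stock UPX names the sections it creates UPX0/UPX1. A modified build may
#    rename them, so $false here does not prove the file is unpacked.
function Test-UpxSectionNames {
    param([Parameter(Mandatory)][string]$Path)
    $b = [System.IO.File]::ReadAllBytes($Path)
    if ($b.Length -lt 0x40 -or $b[0] -ne 0x4D -or $b[1] -ne 0x5A) { return $false }   # no MZ header
    $pe = [BitConverter]::ToInt32($b, 0x3C)                                          # e_lfanew
    if ($pe -lt 0 -or $pe + 24 -gt $b.Length -or [BitConverter]::ToUInt32($b, $pe) -ne 0x4550) { return $false }
    $numSections = [BitConverter]::ToUInt16($b, $pe + 6)
    $optSize     = [BitConverter]::ToUInt16($b, $pe + 20)
    $table       = $pe + 24 + $optSize                         # first IMAGE_SECTION_HEADER (40 bytes each)
    $names = for ($i = 0; $i -lt $numSections; $i++) {
        $off = $table + 40 * $i
        if ($off + 8 -gt $b.Length) { break }
        [Text.Encoding]::ASCII.GetString($b, $off, 8).TrimEnd([char]0)
    }
    [bool]($names | Where-Object { $_ -match '^UPX[0-9]$' })
}

Get-GeoSettings
Get-RunKeyEntries | Where-Object Suspicious | Format-Table -AutoSize
Get-BrowserHelperObjects | Format-Table -AutoSize
Get-RecentSystem32Files | Where-Object { $_.Signature -ne 'Valid' } | Format-Table -AutoSize
Test-UpxSectionNames -Path 'C:\cases\HijackThis.exe'   # path is an assumption
```

The Run-key filter is a heuristic: legitimate software does start from AppData, so treat a hit as a lead to compare against the report's hashes rather than a verdict. The BHO and System32 checks rely on Authenticode status, which catches unsigned drops but not a binary signed with a stolen or abused certificate.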

MITRE ATT&CK Enterprise v15

Tasks