General

  • Target

    Ddos-Tool-main.rar

  • Size

    3KB

  • Sample

    240222-vafghsdb28

  • MD5

    4b8362b82e69535e9e815e2416414fc7

  • SHA1

    315cdec3df5f839bd989f14490172c7726de5d43

  • SHA256

    49bb177e2d94665ee6af341f59ddb4abdff2b8d5bac4c4cd40ca6f0d343a3cf1

  • SHA512

    b43b4d17332733039d0c810cac2af204828f7e50b53b0610a7a3a4391f23308798e9e6e82fb83d7d49b4ae0654bff31f4cc14930759d78d353102b7bc062d2d0

Malware Config

Targets

    • Target

      Ddos-Tool-main.rar

    • Size

      3KB

    • MD5

      4b8362b82e69535e9e815e2416414fc7

    • SHA1

      315cdec3df5f839bd989f14490172c7726de5d43

    • SHA256

      49bb177e2d94665ee6af341f59ddb4abdff2b8d5bac4c4cd40ca6f0d343a3cf1

    • SHA512

      b43b4d17332733039d0c810cac2af204828f7e50b53b0610a7a3a4391f23308798e9e6e82fb83d7d49b4ae0654bff31f4cc14930759d78d353102b7bc062d2d0

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      Ddos-Tool-main/DDoSlayer.py

    • Size

      6KB

    • MD5

      66e950d982d97312a0d08fee67612581

    • SHA1

      b8e9ee06fd1d096f67301158786e1d24bd70fccd

    • SHA256

      399363691902a930fa01a94bfef7d05b0a8b7ab0d75c6e1cf68ae595c9cf4326

    • SHA512

      d1a7ad09a1002df7995e83afb1b2bca3e921778931e008985cdefe0b7491dd74464b709d8172becafd7f242d9f5bb81c1bb082012a74743b317ec528fa1a85b3

    • SSDEEP

      96:NaCHpHBw4o90HSbzsdNGI9vKx0qz9mijhjI2CupbhZVAhTOPyAhYue69uEKF/:PHpHBw4W0YzuNGc6LmijW2Cupa69KJ

    Score
    3/10
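The behaviour signatures above (location check, Uninstall key enumeration, Run key persistence, COM server registration, drive enumeration) are each a pattern over registry or file-system events the sandbox recorded. The following Python is an added example of how such signatures can be matched against an event trace; it is not the sandbox's own rule set, and the registry key paths it checks (Control Panel\International\Geo\Nation, CurrentVersion\Uninstall, CurrentVersion\Run, Classes\CLSID\{...}\InprocServer32) are assumptions about what each signature looks for. The event lines it runs over are constructed, not taken from this report.

```python
"""Toy signature matcher for sandbox behaviour signatures.

Added example, not sandbox code. The key paths below are assumptions
about what each signature looks for; the sample events are constructed.
"""
import re
from collections import defaultdict

# (signature name, event kind it applies to, pattern over the path).
# Key paths are assumptions based on common sandbox heuristics.
SIGNATURES = [
    ("Checks computer location settings", "regquery",
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    ("Checks installed software on the system", "regquery",
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)),
    # Only a *write* under Run counts as persistence; reading Run does not.
    ("Adds Run key to start application", "regset",
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run\\[^\\]+$", re.I)),
    ("Registers COM server for autorun", "regset",
     re.compile(r"\\Classes\\CLSID\\\{[0-9A-F-]+\}\\(InprocServer32|LocalServer32)\\", re.I)),
    # Opening the root of any drive other than C: is the drive-enumeration hint.
    ("Enumerates connected drives", "fileopen",
     re.compile(r"^[A-BD-Z]:\\$", re.I)),
]

# Constructed sample trace in "pid kind path" form (not real sandbox output).
SAMPLE_EVENTS = """\
1234 regquery HKCU\\Control Panel\\International\\Geo\\Nation
1234 regquery HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip
1234 regquery HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Notepad++
1234 regset HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater
1234 regset HKCU\\SOFTWARE\\Classes\\CLSID\\{0A1B2C3D-0000-1111-2222-333344445555}\\InprocServer32\\(Default)
1234 fileopen C:\\
1234 fileopen D:\\
1234 fileopen E:\\
1234 regquery HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\
"""


def parse_event(line):
    """Split one 'pid kind path' line; the path may itself contain spaces."""
    pid, kind, path = line.split(" ", 2)
    return int(pid), kind, path


def match_signatures(text):
    """Return {signature name: [matching paths]} for every event in text."""
    hits = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        _pid, kind, path = parse_event(line)
        for name, want_kind, pattern in SIGNATURES:
            if kind == want_kind and pattern.search(path):
                hits[name].append(path)
    return dict(hits)


def triggered(text):
    """Sorted list of signature names that fired on the trace."""
    return sorted(match_signatures(text))


if __name__ == "__main__":
    for name, paths in match_signatures(SAMPLE_EVENTS).items():
        print(f"{name}: {len(paths)} event(s)")
        for p in paths:
            print("    " + p)
```

Note the last sample line: a read of the Run key does not fire the persistence signature, because only a value write under Run is evidence of an autorun being added. Distinguishing query from set events is what keeps this kind of signature from firing on every process that merely inspects its own startup entries.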

MITRE ATT&CK Enterprise v15

Tasks