General

  • Target

    Active.quicktech.com (3).exe

  • Size

    7.2MB

  • Sample

    240223-scc33abe54

  • MD5

    1d739034e2dedde157c750e91ff1462f

  • SHA1

    a22e07055e5f8810887fbd1e817819d2f64aa648

  • SHA256

    309772950e7400560d47ec30081333902d0e33f4faee3dfa99bb89ac833f6822

  • SHA512

    95d6d8690dd995b9b8a7a1534fd840197f01f37c065985b22595c0617e41366d5af9ec020d73c96db77fb59350fc2729cf80c384de34fb50861c94bd8a9b0f56

  • SSDEEP

    98304:Eb+E78YFs+GMI2ZQq/moGB5Bo4KcuG3BU/MfW2:KH93I2ZQq/moGB524UG3BU/Me

Malware Config

Targets

    • Modifies RDP port number used by Windows

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks