General

  • Target

    SecuriteInfo.com.Trojan.KillFiles2.2675.31217.14697

  • Size

    23KB

  • Sample

    240227-h7gpmabg7s

  • MD5

    e8911f3944a0f583a035404ac651dbf6

  • SHA1

    1d1ac6951d858b46c6534f0ac2e766d486410a44

  • SHA256

    2ede5b3ee36af240b64f1258b8a3ebd1398becac1a122ccb641394cfe28ad17a

  • SHA512

    0c5525078307807786cd5bcde16d390d2e8b8e0fe4800d6cdeaddcf8bfc71df8c299c7b4fabe787f64afee5544da746b1e35929477670a21e09f47b4bd5dbf18

  • SSDEEP

    384:m80GEIW1ulecvrYc2GrFtnvrYc2GrFteIjrYc2GrFt:mUlbDYc2UPnDYc2UPeIPYc2UP

Malware Config

Targets

    • Drops file in Drivers directory

    • Manipulates Digital Signatures

      Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

    • Possible privilege escalation attempt

    • Modifies file permissions

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Drops desktop.ini file(s)

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks