General

  • Target

    ae5f9bc3188accbc5475342a0296feec

  • Size

    632KB

  • Sample

    240229-nalj7sfb3v

  • MD5

    ae5f9bc3188accbc5475342a0296feec

  • SHA1

    3b6ecfe24dd30bdc73e562fbf64d89c167db795b

  • SHA256

    9a0806417d2d17995e9d9a5c5010ec92970607b72530572297e136bc0e646445

  • SHA512

    4de001790550437a5da6ac143de9fa782bd22adeccc6de0f2357da9d7acbcda8754a98cff7e4d8c772ddec09d9060d59123fcaf88165190b45186952825e26d7

  • SSDEEP

    12288:tzy6rRxEWB2zHCEA7HkRHcotHiFKnjJcPDZTzuIhBKWnPy:46rTkikrt3jGPlvJfK4Py

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Adds policy Run key to start application

    • Drops file in Drivers directory

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks