General

  • Target

    smartrat.txt

  • Size

    85.2MB

  • Sample

    240302-tj9ahseg4t

  • MD5

    67546c958d28f69491ae5e0fb9a7ee11

  • SHA1

    12f7746b48a3de3a57bce6e8954c84d0c5a697d5

  • SHA256

    fa11472f6a5ca85ea2d58b1160166b3e1f4e453b38d98a57b3abf0e75025055c

  • SHA512

    2a2e390564ba80f41c8c768a5a76e8f2d882582669e6e5014cb1b7c3815e6b59d85d65d9e7785547dfad3b67b5665e5853d67724f23ce8186fbb7cdda5b6c311

  • SSDEEP

    1572864:NUXPU1e4iamkhLDyPl4QiZOznqf3Gd6xdnj+Y/5szJfE78PZNl8WKZwSBE/o6F:NUX4e4iadhLDy943Eznyo6V/8V7l8IAU

Targets

    • Modifies WinLogon for persistence

    • UAC bypass

    • Disables RegEdit via registry modification

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Sets desktop wallpaper using registry
