General

  • Target

    Stern.exe

  • Size

    5.9MB

  • Sample

    240302-zswcxahh28

  • MD5

    d4833b0220121e2c41c923360d77da1a

  • SHA1

    7863eaa06b7d80a2120993faa7bd0b5b2ecbed76

  • SHA256

    2eab2306bf636d962dea38d0e13c69b3cd11cfbca0e0164d0475542b4bc5a48b

  • SHA512

    2cda3db08ea34ebe21f14132b2afdae27246796b95188197946d31f461e16e2ade8ca36ba70e400cac98a8bc146b59dfed57cf804f83883e8c9299df8fcdade4

  • SSDEEP

    98304:OwCblt+KOS4F2omcQ94CRwh+wl/4ioB7CuenSM3R7wwLziiTasI/VYXmm+ScWXng:OwaM2oFQ9RRNc/4M55RTiiwVOcS7XjxO

Malware Config

Targets

    • Target

      Stern.exe

    • Creates new service(s)

    • Drops file in Drivers directory

    • Stops running service(s)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks