General

  • Target

    sample

  • Size

    308KB

  • Sample

    240309-lybnssff3z

  • MD5

    4da2156a683e01012098c711dc4e861b

  • SHA1

    e6f695079c161427b5d6d12905138bfdfdfd5d00

  • SHA256

    1342509901971b2cc64372500b4db0c227ff364a0e0a3e2b5b1780e2ccf324d9

  • SHA512

    19cc52c61afad6a754d44c18b09c064d5996a0d7f2f41080c88eb9139478510d3eede055a66e47d982126b143a1d28e68c8e376e3bca4261ba1a933c3790ca3f

  • SSDEEP

    1536:Lc6rvGwRS+qHfWeZT3BDwh7RPvysnWVeBK9atsmCWyiDQzgxXJQsvdYo2pWlF1Pp:Lc6r2WeZ2dPoAmo2ECNyiKsKOdAnjX

Malware Config

Targets

    • Target

      sample

    • Creates new service(s)

    • Downloads MZ/PE file

    • Manipulates Digital Signatures

      Attackers can modify the Authenticode and Cryptography registry keys so that their binary is treated as validly signed.

    • Possible privilege escalation attempt

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Registers COM server for autorun

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks