General

  • Target

    da555d19c5f8266961ffd953d91dd8ee

  • Size

    7.6MB

  • Sample

    240321-bsqknahd9x

  • MD5

    da555d19c5f8266961ffd953d91dd8ee

  • SHA1

    44815e424c7ca729d1ffa0efcc868320bab017cc

  • SHA256

    62d60d02e130532e6640bc74fe73bf32ba429c7e2345b156de215b79b0d7a1df

  • SHA512

    ea57d1799a2e0a461832968dc38e1750973d2a66a587eaa1e84dbb75cfb6bab27b55d332e36a38dea223f807fdf50e0a12128b895fde6ec40834d98c560d2071

  • SSDEEP

    196608:N7effIPEsy58doQaTzwZ8Jq3ELhf8cHpLG8doQpu8rVtxQuULG8doQal1Bf80bMk:N7effIPEsy58doQaTzwZ8Jq3ELhf8cHB
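
Before acting on anything this report says, confirm that the file you hold is the one it describes. The Python below is an added example, not part of the sandbox report or of the sample: it recomputes the MD5/SHA1/SHA256/SHA512 set listed above against the values copied from this page (ssdeep is omitted because it needs a third-party module), and walks the PE section table to look for the section names a stock UPX build leaves behind, which is the cheapest static check behind the "UPX packed file" signature the report raises. The build_fake_pe fixture is constructed test data, not a real binary, and UPX_SECTION_NAMES is an assumption about stock UPX output.

```python
import hashlib
import struct
import sys

# Hash values copied from the General section of this report.
REPORTED_HASHES = {
    "md5": "da555d19c5f8266961ffd953d91dd8ee",
    "sha1": "44815e424c7ca729d1ffa0efcc868320bab017cc",
    "sha256": "62d60d02e130532e6640bc74fe73bf32ba429c7e2345b156de215b79b0d7a1df",
    "sha512": "ea57d1799a2e0a461832968dc38e1750973d2a66a587eaa1e84dbb75cfb6bab27b55d332e36a38dea223f807fdf50e0a12128b895fde6ec40834d98c560d2071",
}

# Assumption: section names a stock UPX build leaves in the PE; a rebuilt UPX with renamed sections will not show them.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def hash_bytes(data):
    """Compute the same hash set the report lists (ssdeep omitted: it needs a third-party module)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def hash_mismatches(data, expected):
    """Names of the expected hashes that do not match; an empty list means these are the reported bytes."""
    actual = hash_bytes(data)
    return sorted(name for name, digest in expected.items() if actual.get(name) != digest.lower())


def pe_section_names(data):
    """Walk the PE headers and return the section names in file order; ValueError if not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER follows the signature
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size                          # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + i * 40                              # IMAGE_SECTION_HEADER is 40 bytes, Name is the first 8
        if off + 40 > len(data):
            raise ValueError("section table truncated")
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def looks_upx_packed(data):
    """True when any section carries a stock UPX name. Absence proves nothing: check entropy and imports too."""
    try:
        return any(name in UPX_SECTION_NAMES for name in pe_section_names(data))
    except (ValueError, struct.error):
        return False


def build_fake_pe(section_names):
    """Constructed test fixture: a header-only PE skeleton with the given section names (not a real binary)."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)     # e_lfanew = 0x40
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    sections = b"".join(name.ljust(8, b"\0") + b"\0" * 32 for name in section_names)
    return dos + b"PE\0\0" + coff + sections


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read()
    bad = hash_mismatches(blob, REPORTED_HASHES)
    print("hash mismatches:", bad or "none, this is the reported sample")
    print("stock UPX section names present:", looks_upx_packed(blob))
```

A single mismatching hash means you are holding a different file and none of the behaviour below necessarily applies to it. A negative section-name result does not rule out packing: the report also fires an ACProtect rule, and neither ACProtect nor a UPX build with renamed sections shows up here, so follow up with section entropy and import-table size before deciding the sample is unpacked.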

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Drops file in Drivers directory

    • Sets service image path in registry

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified build of it.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Modifies WinLogon

    • Drops file in System32 directory
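
Each persistence-related signature above (Modifies WinLogon, Adds Run key, Sets service image path, Drops file in Drivers directory, Installs/modifies Browser Helper Object) maps to a registry location that can be inspected on a suspect host or in a hive pulled from a disk image. The Python below is an added example, not from the report or the sample: given a registry export loaded as a dict of key path to values, it flags Winlogon Shell and Userinit values that differ from their stock Windows values, Run entries and service ImagePaths that resolve into user-writable directories, kernel-mode drivers registered outside System32\drivers, and lists every registered BHO with the DLL its CLSID resolves to. SAMPLE_REGISTRY, the CLSID in it and the USER_WRITABLE directory heuristic are constructed assumptions; the report does not say which concrete values this sample wrote.

```python
import re

# Registry locations behind the report's persistence signatures.
WINLOGON = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
RUN_KEYS = (
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
)
SERVICES = r"HKLM\SYSTEM\CurrentControlSet\Services"
BHO_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
CLSID_ROOT = r"HKCR\CLSID"

# Stock values on a default Windows install; anything appended to Userinit runs at every logon.
EXPECTED_WINLOGON = {"Shell": "explorer.exe", "Userinit": r"C:\Windows\system32\userinit.exe,"}

# Heuristic (assumption): directories an unprivileged user can write to. Persistence pointing here is suspect.
USER_WRITABLE = re.compile(r"\\(users|temp|tmp|programdata|appdata|public)\\", re.I)

# Constructed sample export for illustration; the CLSID and paths are made up.
SAMPLE_REGISTRY = {
    WINLOGON: {"Shell": "explorer.exe",
               "Userinit": r"C:\Windows\system32\userinit.exe,C:\Users\Public\svchost.exe"},
    RUN_KEYS[0]: {"SecurityHealth": r"C:\Windows\system32\SecurityHealthSystray.exe",
                  "Updater": r'"C:\Users\victim\AppData\Roaming\updater.exe" /silent'},
    SERVICES + r"\Tcpip": {"ImagePath": r"\SystemRoot\System32\drivers\tcpip.sys", "Type": 1},
    SERVICES + r"\vmdrv": {"ImagePath": r"\??\C:\Windows\System32\vmdrv.sys", "Type": 1},
    SERVICES + r"\helper": {"ImagePath": r"C:\ProgramData\helper\helper.exe", "Type": 16},
    BHO_KEY + r"\{00000000-0000-0000-0000-000000000001}": {},
    CLSID_ROOT + r"\{00000000-0000-0000-0000-000000000001}\InProcServer32":
        {"": r"C:\Users\victim\AppData\Local\toolbar.dll"},
}


def image_path(command):
    """Pull the executable path out of a registry command string (handles quoting and the \\??\\ prefix).
    An unquoted path containing spaces is truncated at the first space, as the service loader would see it."""
    cmd = command.strip()
    if cmd.startswith("\\??\\"):
        cmd = cmd[4:]
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ")[0]


def value_ci(values, name):
    """Case-insensitive value lookup; registry value names are case-insensitive."""
    for n, d in values.items():
        if n.lower() == name.lower():
            return d
    return None


def key_values(reg, path):
    """Values of one key, matched case-insensitively; empty dict if absent."""
    for key, values in reg.items():
        if key.lower() == path.lower():
            return values
    return {}


def subkeys(reg, parent):
    """Direct subkeys of parent as (name, values)."""
    prefix = parent.lower() + "\\"
    out = []
    for key, values in reg.items():
        tail = key[len(prefix):]
        if key.lower().startswith(prefix) and tail and "\\" not in tail:
            out.append((tail, values))
    return out


def audit(reg):
    """Return (category, name, data, reason) findings for the persistence locations the report names."""
    findings = []
    # Winlogon: Shell / Userinit changed from stock ("Modifies WinLogon for persistence")
    wl = key_values(reg, WINLOGON)
    for name, stock in EXPECTED_WINLOGON.items():
        data = value_ci(wl, name)
        if data is not None and data.strip().lower() != stock.lower():
            findings.append(("winlogon", name, data, "differs from stock value"))
    # Run keys ("Adds Run key to start application")
    for key in RUN_KEYS:
        for name, cmd in key_values(reg, key).items():
            if USER_WRITABLE.search(image_path(cmd)):
                findings.append(("run", name, cmd, "image in user-writable directory"))
    # Services ("Sets service image path in registry", "Drops file in Drivers directory")
    for name, values in subkeys(reg, SERVICES):
        cmd = value_ci(values, "ImagePath")
        if cmd is None:
            continue
        path = image_path(cmd)
        if USER_WRITABLE.search(path):
            findings.append(("service", name, cmd, "image in user-writable directory"))
        elif value_ci(values, "Type") == 1 and "\\drivers\\" not in path.lower():
            findings.append(("service", name, cmd, "kernel driver outside System32\\drivers"))
    # BHOs ("Installs/modifies Browser Helper Object"): every CLSID here loads a DLL into Internet Explorer
    for clsid, _ in subkeys(reg, BHO_KEY):
        dll = value_ci(key_values(reg, f"{CLSID_ROOT}\\{clsid}\\InProcServer32"), "") or "<unresolved>"
        findings.append(("bho", clsid, dll, "registered BHO"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_REGISTRY):
        print(finding)
```

The dict shape matches what a reg export or an offline hive parser yields once flattened to full key paths, so the same audit runs against a live host and against a mounted image. Treat the Run and ImagePath rules as triage heuristics rather than verdicts: legitimate updaters do live under AppData, and a driver placed directly in System32 is unusual but not impossible. The Winlogon rule is the one with almost no benign explanation, which is why the report carries it twice at different severities.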

MITRE ATT&CK Enterprise v15

Tasks