General

  • Target

    649c5c136560da6627f8dc43aaa406a7fd59596c69cf9c58b7ce8cd6924323d7

  • Size

    415KB

  • Sample

    240321-zh8kgsbf8s

  • MD5

    61c91b2f0d2bf61d2f06a25ee0870b7b

  • SHA1

    e60e947063f2d5e5f5dbaadb42896cab965e724a

  • SHA256

    649c5c136560da6627f8dc43aaa406a7fd59596c69cf9c58b7ce8cd6924323d7

  • SHA512

    14d3b9497c06b0bf5ec5728b4687001751d23b52df5cb6b5ec6e72bfa05abd64caef768c34c0160fe7113abc72f5ddb84e62f600c26acce397b06f516a4651a6

  • SSDEEP

    6144:MrnkP+6t7nkP+6beheDObSxbSVtbSyheDgheDV6mR6yHP4fnkP+6bOv5bSxbSy79:MQ++g+RJeKBx5gXBgE+TteV7MxLkLNz

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Detects executables built or packed with MPress PE compressor

    • UPX dump on OEP (original entry point)

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Modifies system executable filetype association

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Modifies WinLogon

MITRE ATT&CK Enterprise v15

Tasks