General

  • Target

    cce15977bd2f07afc6203cf7686e6c49ed7f20603a2ba6a0bb4269b2a1d1f2ab

  • Size

    1.1MB

  • Sample

    240322-asz9esdf23

  • MD5

    18327d35416e35c01e82453f12fb6bd0

  • SHA1

    7be39d35ed15f69904cc3d4ec988fbb73a4ae056

  • SHA256

    cce15977bd2f07afc6203cf7686e6c49ed7f20603a2ba6a0bb4269b2a1d1f2ab

  • SHA512

    16538460f59239a54b514894b3a98ce3f13a8e4ef22aa4b3cdc9ef4d2e6c7e4fd72b684d989edb4fde2c97620edb36ff466b7df9fa218f5d009e51c797d87390

  • SSDEEP

    24576:T+SlOaRgfVYVelNpy7r/LNqLNLKeZm5NdAeegGlPeWeeesiyeeeuk2ByO:qSUfVYVelNc7r/YtKeZm5IeegGBeWeeZ

Malware Config

Targets

    • Modifies WinLogon for persistence

    • UPX dump on OEP (original entry point)

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Modifies system executable filetype association

    • UPX packed file

      Detects executables packed with the open source UPX packer or a modified variant of it.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that act as plug-ins for Internet Explorer and are loaded whenever the browser starts.

    • Modifies WinLogon

MITRE ATT&CK Enterprise v15

Tasks