General

  • Target

    aeee5dd4338d9e5a4632763b77144f3603b3b4bff78884b002cad20c35c8f628

  • Size

    386KB

  • Sample

    240323-3sv9paed49

  • MD5

    a917728e78deb1b51b75ca17d342c215

  • SHA1

    0c5263487d5dc66d3ba4322238bf65f70ba7a981

  • SHA256

    aeee5dd4338d9e5a4632763b77144f3603b3b4bff78884b002cad20c35c8f628

  • SHA512

    71c034d7292ab293483e98667c325e0380ebc3dff65fc0a4228dfb7706f8ce06e87a1182aa92da62fecb9ac453bb7ebb8e7695d7b36ae20710cb95ce2896de05

  • SSDEEP

    6144:ajbSAheDFnkP+6bfbSxbSxbSxbSebLLjOHubSszbSxbSRtabSxbSAheDObSxbSxc:aDp+Aeee9PXfeqEeDJeeeeeePFAv

Targets

    • Modifies WinLogon for persistence

    • UPX dump on OEP (original entry point)

    • Drops file in Drivers directory

    • Sets service image path in registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Modifies WinLogon