General

  • Target

    dc2ab5eddbbe80232875c7ae122fc9867f557fc44a5f46aac8eceeec9918f43c

  • Size

    441KB

  • Sample

    240323-alk6xsde6t

  • MD5

    213375cac46a9575aa354ad6d5c46e38

  • SHA1

    2a6b1a87e7fed126d762c71b90243457ee8b4eab

  • SHA256

    dc2ab5eddbbe80232875c7ae122fc9867f557fc44a5f46aac8eceeec9918f43c

  • SHA512

    27b7d81f0c7bad83cd63154d25c55cf0582aa1e0d01676d8ebe4aeaef92f2fbe13163da21499495ff5b4bfea44d09d2c938c9beb8355b3083cf16f2968e5c6d2

  • SSDEEP

    12288:cLxrAGE1reeemeMX9RmsXeDa0JmDcQ9uu:cLy1reeemeE9RmyeDa0JmDwu

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Detects executables built or packed with MPress PE compressor

    • UPX dump on OEP (original entry point)

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Modifies system executable filetype association

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Modifies WinLogon

MITRE ATT&CK Enterprise v15

Tasks