General

  • Target

    26f795c92ac7bc73af028c9f4a8597617413704d533dd468769ec34f2f5ef2fc

  • Size

    209KB

  • Sample

    240323-xc5kjaag83

  • MD5

    c1eacb2cf503ed0b75507e7148acb5d7

  • SHA1

    88252d15b12d016666d20b1f8547c6b938fdd6e7

  • SHA256

    26f795c92ac7bc73af028c9f4a8597617413704d533dd468769ec34f2f5ef2fc

  • SHA512

    7c376883c6dec8de18b82cc1c433b5602d943db32b667c234541d7f78f035c353a26de4caee42cc323764e92aa87de5bf7e1e7079f57aafa47a940b4c16e364f

  • SSDEEP

    3072:KXKQes5NFetlC5hzSUHER4DlelohtJ0nXTjW2DA/hiK/J5n2ThWsNexPnCrnYqi1:cLs8GUHER4D02heDE/w8rnkP+6bRU

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Detects executables built or packed with MPress PE compressor

    • UPX dump on OEP (original entry point)

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Modifies system executable filetype association

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Modifies WinLogon

MITRE ATT&CK Enterprise v15

Tasks