General

  • Target

    5fd6daa4d3e0caf838a4abbac3f5687017ce143cacbca05dd1fd4b7befab6a48

  • Size

    426KB

  • Sample

    240323-zveg6seh8x

  • MD5

    287640c09f2760fa1e705b41353a3c80

  • SHA1

    ee5632b4da6a8f657083f7c22f60363ab1e70059

  • SHA256

    5fd6daa4d3e0caf838a4abbac3f5687017ce143cacbca05dd1fd4b7befab6a48

  • SHA512

    cc1edc384e14909f6f04ed6fe51b27f442057b37cbbf3bc380ebcdff3a3d7ea32e4bfa3b3ced51840a1e5d3034e54c54e413e6aa4cc55142883c31d42be82bc6

  • SSDEEP

    6144:cLxrnIIA8briXbSJQ3bSxbSxbSCr93Zk4bSDD/B+G/B+ybSE1bS7/B+8vheDObSI:cLxrAGE1reehTlOVBZjqJJeiVQ9af

Targets

    • Target

      5fd6daa4d3e0caf838a4abbac3f5687017ce143cacbca05dd1fd4b7befab6a48

    • Modifies WinLogon for persistence

      Changes values under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon (typically Shell or Userinit) so that an attacker-chosen binary is launched at every logon.

    • Detects executables built or packed with MPress PE compressor

      MPress is a PE packer; a packed binary keeps its real code and imports compressed until runtime, so static analysis sees the unpacking stub rather than the payload.

    • UPX dump on OEP (original entry point)

      The sandbox captured a memory dump of the process when execution reached the original entry point, i.e. after the UPX stub had finished unpacking, which is the point at which the unpacked code can be analysed.

    • Drops file in Drivers directory

      Writes a file into %SystemRoot%\System32\drivers, the directory where kernel drivers normally reside.

    • Sets service image path in registry

      Writes the ImagePath value under HKLM\SYSTEM\CurrentControlSet\Services\<name>, which tells the Service Control Manager which binary to load for that service or driver.

    • Modifies system executable filetype association

      Changes the default command under exefile\shell\open\command (normally "%1" %*) so that the chosen program runs every time any .exe is launched.

    • Adds Run key to start application

      Adds a value under HKCU or HKLM ...\Microsoft\Windows\CurrentVersion\Run so that the application is started at user logon.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that Internet Explorer loads as plugins at startup; they are registered as CLSID subkeys under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects.

    • Modifies WinLogon
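
The signatures above (Winlogon, exefile association, Run key, Browser Helper Object, service ImagePath) all reduce to registry writes that can be checked against known-good defaults. The following is an added example written for this page, not code from the sandbox or from the sample; it audits a list of (key, value name, data) records such as an analyst might export from a registry-write log or a before/after diff. That input format, the assumption that the system drive is C:, and every path and CLSID in the constructed sample records are placeholders, not values observed for this sample.

```python
"""Offline audit of Windows registry writes for the persistence techniques
listed in the signature block above.

Added example, not part of the sandbox report. Input is assumed to be an
iterable of (key_path, value_name, data) tuples; the records at the bottom
are constructed for demonstration and are not taken from the analysed sample.
"""

WINLOGON_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
EXEFILE_CMD_KEY = r"HKLM\SOFTWARE\Classes\exefile\shell\open\command"
RUN_KEYS = {
    r"hklm\software\microsoft\windows\currentversion\run",
    r"hkcu\software\microsoft\windows\currentversion\run",
}
BHO_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
SERVICES_KEY = r"HKLM\SYSTEM\CurrentControlSet\Services"

# Prefixes treated as "inside the Windows tree" for ImagePath checks
# (assumption: the system drive is C:).
SYSTEM_PREFIXES = ("c:\\windows\\", "\\systemroot\\", "system32\\", "\\??\\c:\\windows\\")


def _norm_path(path):
    """Lower-case, unquote and expand the common system-root variables."""
    p = path.strip().strip('"').lower()
    return p.replace("%systemroot%", r"c:\windows").replace("%windir%", r"c:\windows")


def _first_token(cmdline):
    """Executable at the head of a command line, quoted or not."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        end = cmdline.find('"', 1)
        return cmdline[1:end] if end > 0 else cmdline[1:]
    return cmdline.split(" ", 1)[0]


def audit_registry(records):
    """Return (signature, key, value_name, data) for each suspicious record."""
    findings = []
    for key, name, data in records:
        k, n = key.lower(), name.lower()
        if k == WINLOGON_KEY.lower():
            if n == "shell" and _norm_path(data) != "explorer.exe":
                # Shell is "explorer.exe" by default; extra entries run at logon
                findings.append(("winlogon-shell", key, name, data))
            elif n == "userinit":
                # Default is "C:\Windows\system32\userinit.exe," (trailing comma);
                # anything appended after the comma is launched by winlogon too
                parts = [_norm_path(p) for p in data.split(",") if p.strip()]
                if parts != [r"c:\windows\system32\userinit.exe"]:
                    findings.append(("winlogon-userinit", key, name, data))
        elif k == EXEFILE_CMD_KEY.lower() and n == "":
            # Default value is exactly "%1" %*; a prefixed program runs on every .exe launch
            if data.strip() != '"%1" %*':
                findings.append(("exefile-hijack", key, name, data))
        elif k in RUN_KEYS:
            # The sandbox signature fires on any Run value; each one is reported for review
            findings.append(("run-key", key, name, data))
        elif k.startswith(BHO_KEY.lower() + "\\"):
            # A new CLSID subkey registers a DLL that Internet Explorer loads
            findings.append(("bho", key, name, data))
        elif k.startswith(SERVICES_KEY.lower() + "\\") and n == "imagepath":
            # Report services/drivers whose binary lives outside the Windows tree
            exe = _norm_path(_first_token(data))
            if not exe.startswith(SYSTEM_PREFIXES):
                findings.append(("service-imagepath", key, name, data))
    return findings


# Constructed records imitating a sandbox registry-write log (placeholder
# paths and CLSID; nothing here comes from the analysed sample).
SAMPLE_RECORDS = [
    (WINLOGON_KEY, "Shell", "explorer.exe"),
    (WINLOGON_KEY, "Userinit",
     r"C:\Windows\system32\userinit.exe,C:\Users\Public\svc.exe"),
    (EXEFILE_CMD_KEY, "", r'"C:\ProgramData\loader.exe" "%1" %*'),
    (r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "Updater",
     r"C:\Users\Public\svc.exe"),
    (BHO_KEY + r"\{11111111-2222-3333-4444-555555555555}", "", ""),
    (SERVICES_KEY + r"\evilsvc", "ImagePath", r"C:\ProgramData\svc.exe -k"),
    (SERVICES_KEY + r"\Disk", "ImagePath", r"System32\drivers\disk.sys"),
]

if __name__ == "__main__":
    for sig, key, name, data in audit_registry(SAMPLE_RECORDS):
        print(f"{sig:18} {key}\\{name or '(Default)'} = {data}")
```

The ImagePath check only catches binaries registered outside the Windows tree. A driver written into System32\drivers, as the "Drops file in Drivers directory" signature indicates, passes that check by design, so it has to be paired with the file-drop record and a hash comparison of the dropped file rather than relied on alone.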
