General

  • Target

    cd3cb6dbf7b92f83393027b04e267d4345523cf5bde7f8087db77ec68c1e41b6

  • Size

    470KB

  • Sample

    240324-a77xtahg6t

  • MD5

    a3bad5ebe358c61cde39984440b4c39b

  • SHA1

    075c084f8dc632bddde2c3e6d83c4c0e67a98adf

  • SHA256

    cd3cb6dbf7b92f83393027b04e267d4345523cf5bde7f8087db77ec68c1e41b6

  • SHA512

    9569a3a6eeb1e2b9be99b95e9f6bf2a18d275aa44f04311d06e18e2efd909908dd472dbe2c5700248c47f12795cfd877747bd975121cb357502b3b5b125d2d15

  • SSDEEP

    6144:cLxrnIIA8briXbSJQ3bSxbSxbSxbSmbSxbS7/B+zheDopcbS3znbSxbSM1MbSxbq:cLxrAGE1reeeXeqK26eGeDJjVHpZW

Malware Config

Targets

    • Modifies WinLogon for persistence

      Writes to values under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon (typically Shell, Userinit or Notify) that Winlogon consults at every logon; pointing one of them at the dropped binary keeps it running across reboots.

    • Detects executables built or packed with MPress PE compressor

      Static signature on the PE layout: the file carries the section table the MPress packer produces (sections named .MPRESS1 and .MPRESS2).

    • UPX dump on OEP (original entry point)

      The sandbox recognised a UPX-packed layer and dumped the in-memory image once execution reached the original entry point, i.e. after the unpacking stub had finished. Both packer signatures firing on one file is worth checking by hand against the section table of the actual sample before trusting either label.

    • Drops file in Drivers directory

      Writes a file under the system Drivers directory (System32\drivers), a location normally reserved for kernel-mode drivers.

    • Sets service image path in registry

      Writes the ImagePath value of a key under HKLM\SYSTEM\CurrentControlSet\Services, which tells the Service Control Manager which binary to launch for that service.

    • Modifies system executable filetype association

      Changes the shell open command of the exefile class (HKCR\exefile\shell\open\command), so the sample is invoked whenever any .exe is launched.

    • Adds Run key to start application

      Adds a value under a CurrentVersion\Run key in HKCU or HKLM so the referenced program starts at logon.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer. They are registered by CLSID under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects and are loaded into every Internet Explorer process.

    • Modifies WinLogon

      Generic form of the signature above: any write to the Winlogon key, whether or not a persistence-relevant value was changed.
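
The two packer signatures and the hash block above are the parts of this report a responder can re-check offline without running the sample. The following Python script is an added example, not code from the sandbox or from the report; it re-derives the four digests in a single pass and compares them with the IOC hashes listed on the page, then parses the PE section table and flags the section names that MPress (.MPRESS1/.MPRESS2) and UPX (UPX0/UPX1/UPX2) leave behind. The section-name check is a heuristic assumption of the example (packers can rename sections), and build_demo_pe() fabricates a minimal PE header purely so the parser can be exercised without the real file.

```python
"""Offline triage helpers for a sample like the one in this report.

Added example, not part of the sandbox report. The hash set is copied from
the report's General section; the section-name prefixes are a heuristic.
"""
import hashlib
import struct

# IOC hashes copied from the report above.
IOC_HASHES = {
    "md5": "a3bad5ebe358c61cde39984440b4c39b",
    "sha1": "075c084f8dc632bddde2c3e6d83c4c0e67a98adf",
    "sha256": "cd3cb6dbf7b92f83393027b04e267d4345523cf5bde7f8087db77ec68c1e41b6",
    "sha512": "9569a3a6eeb1e2b9be99b95e9f6bf2a18d275aa44f04311d06e18e2efd909908dd472dbe2c5700248c47f12795cfd877747bd975121cb357502b3b5b125d2d15",
}

# Section names the two packers named in the report normally leave behind
# (heuristic: a repacked or renamed binary will not match).
PACKER_SECTIONS = {
    "MPress": (".MPRESS1", ".MPRESS2"),
    "UPX": ("UPX0", "UPX1", "UPX2"),
}


def digests(data: bytes) -> dict:
    """Compute md5/sha1/sha256/sha512 in one pass over the buffer."""
    hashers = {n: hashlib.new(n) for n in ("md5", "sha1", "sha256", "sha512")}
    view = memoryview(data)
    for off in range(0, len(view), 1 << 20):  # 1 MiB chunks
        chunk = view[off:off + (1 << 20)]
        for h in hashers.values():
            h.update(chunk)
    return {n: h.hexdigest() for n, h in hashers.items()}


def matches_ioc(data: bytes, iocs: dict = IOC_HASHES) -> list:
    """Names of the algorithms whose digest of `data` equals the IOC value."""
    got = digests(data)
    return [n for n, v in iocs.items() if got.get(n) == v.lower()]


def section_names(data: bytes) -> list:
    """Walk the DOS stub -> PE signature -> COFF header -> section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4                                  # COFF header is 20 bytes
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size                         # section table follows the optional header
    names = []
    for i in range(num_sections):
        raw = data[table + 40 * i:table + 40 * i + 8]   # IMAGE_SECTION_HEADER is 40 bytes, Name is 8
        if len(raw) < 8:
            raise ValueError("section table truncated")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def detect_packer(names: list):
    """Return the packer label whose characteristic section names appear, else None."""
    for packer, known in PACKER_SECTIONS.items():
        if any(n in known for n in names):
            return packer
    return None


def build_demo_pe(names: list) -> bytes:
    """Constructed for the demo, not a real binary: minimal MZ/PE header + section table."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)              # e_lfanew -> PE signature right after the stub
    opt_size = 0xE0                                      # size of a PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, opt_size, 0x102)
    table = b"".join(n.encode("ascii").ljust(8, b"\0") + bytes(32) for n in names)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt_size) + table


def triage(data: bytes) -> dict:
    """First-look summary: IOC hash matches, section names, packer guess."""
    names = section_names(data)
    return {"ioc_matches": matches_ioc(data), "sections": names, "packer": detect_packer(names)}


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            sample = f.read()
    else:
        sample = build_demo_pe([".MPRESS1", ".MPRESS2"])  # constructed stand-in
    print(triage(sample))
```

Run it against the real file as `python triage.py sample.bin`; with no argument it runs on the constructed MPress-style header. A file whose digests match the IOC set but whose section table shows neither packer's names is the case where the two packer signatures above deserve a manual look.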

MITRE ATT&CK Enterprise v15

Tasks