General

Target: AAct_x64.exe
Size: 1.5MB
Sample: 240415-lqmfbsdg4w
MD5: de204efb5f4f9b88a4f95363b39ef27e
SHA1: a79e0a2122a12165b58d17e6344ebe446dba4da0
SHA256: e1782dac8a2ad603ced2ad07901420220ba76cf7378ded425792e84fb6c7bc4f
SHA512: 1fef6a4908ecd278327b7aca2dcb9d17a1003f4d92a4a67c79b1ba15885e5280c8ece6745cee4f9c70b5ce28cc16912c80d5877b1c9bbdfbbbd091170edf37e2
SSDEEP: 24576:SXlqTcefO1lU1tmDSvy+hhdZTWcn8ElBSOyNpM3LPueNy50fpzJVuSU/jcac0YMH:7T2cbvzhnkg/lBSOyc2cy50f1Au0YMAi
Malware Config

Targets

- Modifies Installed Components in the registry
- Modifies Windows Firewall
- Sets file execution options in registry
- Stops running service(s)
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
- Registers COM server for autorun
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Persistence
  Boot or Logon Autostart Execution (4)
    Registry Run Keys / Startup Folder (4)
  Browser Extensions (1)
  Create or Modify System Process (2)
    Windows Service (2)
  Event Triggered Execution (1)
    Change Default File Association (1)

Privilege Escalation
  Boot or Logon Autostart Execution (4)
    Registry Run Keys / Startup Folder (4)
  Create or Modify System Process (2)
    Windows Service (2)
  Event Triggered Execution (1)
    Change Default File Association (1)

Defense Evasion
  Impair Defenses (2)
    Disable or Modify System Firewall (1)
  Modify Registry (6)