Resubmissions

15-04-2024 09:44

240415-lqvrpsbd55 8

15-04-2024 09:43

240415-lpyf7sdg3t 3

General

  • Target

    vitutal machine.txt

  • Size

    97B

  • Sample

    240415-lqvrpsbd55

  • MD5

    c2a2e4d1d0190d49c53480b02cab822c

  • SHA1

    762faf6a49f4576084974ca863baa0fe1140fff0

  • SHA256

    f2cbc0eb801c258d1edeb4ac4c18481994a82fd4a81794b5f11d223f95c1de07

  • SHA512

    de51d4888dba6766cfa00643e0181a4e2d37c9db78aa1d659ce1e4828df5d2d742091c441846faa27d86c22b0d179578cfea29193059bc6c32a9bf8c00ba5499

Malware Config

Targets

    • Target

      vitutal machine.txt

    • Size

      97B

    • MD5

      c2a2e4d1d0190d49c53480b02cab822c

    • SHA1

      762faf6a49f4576084974ca863baa0fe1140fff0

    • SHA256

      f2cbc0eb801c258d1edeb4ac4c18481994a82fd4a81794b5f11d223f95c1de07

    • SHA512

      de51d4888dba6766cfa00643e0181a4e2d37c9db78aa1d659ce1e4828df5d2d742091c441846faa27d86c22b0d179578cfea29193059bc6c32a9bf8c00ba5499

    • Downloads MZ/PE file

    • Modifies Installed Components in the registry

      Active Setup entries under Installed Components run their StubPath command for each user at logon, a persistence location that is inspected far less often than the Run keys.

    • Sets file execution options in registry

      Writes under Image File Execution Options (IFEO); a Debugger value there makes Windows start the named program whenever the target executable is launched, which hijacks or silently disables that executable.

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

      Reads the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, usually to decide whether an elevation step is needed.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

      Creates a thread with THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER, so an attached debugger receives no events from that thread.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger information class, applying the same effect to an existing thread. Both are standard anti-debugging tricks; when stepping through the sample, hook or patch these calls so hidden threads stay visible.
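The persistence signatures above (Run key, Image File Execution Options, Installed Components, Browser Helper Object / COM registration, UAC check) all correspond to fixed registry locations, so the same list can drive a host-side hunt. The script below is an added example and is not part of this sandbox report or of the sample; the registry paths are the standard Windows ones, while the `Test-SuspiciousPath` heuristic, the finding categories and the function names are this script's own assumptions.

```powershell
# Added example (not from the report or the sample): hunt for the persistence
# artifacts behind the sandbox signatures above. Registry paths are the standard
# Windows locations; the "suspicious path" heuristic is this script's own.
# Run from an elevated PowerShell on the host under investigation.

$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding {
    param([string]$Category, [string]$Key, [string]$Name, [string]$Value, [string]$Reason)
    $findings.Add([pscustomobject]@{
        Category = $Category; Key = $Key; Name = $Name; Value = $Value; Reason = $Reason
    })
}

# Heuristic: autostart entries that resolve into user-writable locations are
# where dropped EXEs/DLLs usually end up; installers rarely register from there.
function Test-SuspiciousPath {
    param([string]$Path)
    if ([string]::IsNullOrWhiteSpace($Path)) { return $false }
    $p = [Environment]::ExpandEnvironmentVariables($Path).ToLowerInvariant()
    return ($p -match '\\users\\[^\\]+\\(appdata|downloads|desktop|documents)\\') -or
           ($p -match '\\(temp|tmp)\\') -or
           ($p -match '\\programdata\\[^\\]+\.(exe|dll|js|vbs|ps1|bat|cmd)')
}

# 1. Run / RunOnce ("Adds Run key to start application")
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # PSPath, PSParentPath, ... are provider noise
        if (Test-SuspiciousPath $prop.Value) {
            Add-Finding 'Run key' $key $prop.Name $prop.Value 'Autostart command points into a user-writable location'
        }
    }
}

# 2. Image File Execution Options ("Sets file execution options in registry"):
#    a Debugger value makes Windows start that program instead of the named image.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg) { Add-Finding 'IFEO' $ifeo $_.PSChildName $dbg 'Debugger value redirects execution of this image' }
}

# 3. Active Setup ("Modifies Installed Components in the registry"): StubPath runs once per user at logon.
$activeSetup = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components'
Get-ChildItem -Path $activeSetup -ErrorAction SilentlyContinue | ForEach-Object {
    $stub = (Get-ItemProperty -Path $_.PSPath -Name StubPath -ErrorAction SilentlyContinue).StubPath
    if ($stub -and (Test-SuspiciousPath $stub)) {
        Add-Finding 'Active Setup' $activeSetup $_.PSChildName $stub 'StubPath points into a user-writable location'
    }
}

# 4. Browser Helper Objects ("Installs/modifies Browser Helper Object", "Registers COM server"):
#    each subkey is a CLSID; resolve it to its DLL via InprocServer32, checking HKCU first
#    because a per-user registration that shadows HKLM is the classic COM hijack.
$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
foreach ($key in $bhoKeys) {
    Get-ChildItem -Path $key -ErrorAction SilentlyContinue | ForEach-Object {
        $clsid = $_.PSChildName
        $dll = $null; $perUser = $false
        foreach ($hive in 'HKCU', 'HKLM') {
            foreach ($sub in 'CLSID', 'WOW6432Node\CLSID') {
                $dll = (Get-ItemProperty -Path "${hive}:\SOFTWARE\Classes\$sub\$clsid\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
                if ($dll) { $perUser = ($hive -eq 'HKCU'); break }
            }
            if ($dll) { break }
        }
        $reason = $null
        if (-not $dll) { $reason = 'CLSID has no resolvable InprocServer32' }
        elseif ($perUser) { $reason = 'Per-user (HKCU) COM registration shadows the machine-wide CLSID' }
        elseif (Test-SuspiciousPath $dll) { $reason = 'DLL lives in a user-writable location' }
        elseif (-not (Test-Path -LiteralPath ([Environment]::ExpandEnvironmentVariables($dll).Trim('"')))) { $reason = 'DLL path does not exist on disk' }
        if ($reason) { Add-Finding 'BHO' $key $clsid $dll $reason }
    }
}

# 5. UAC ("Checks whether UAC is enabled"): the sample reads this to decide whether it
#    needs an elevation bypass; a value of 0 means the host shows no UAC prompt at all.
$policy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $policy -ErrorAction SilentlyContinue
if ($uac -and $uac.EnableLUA -eq 0) { Add-Finding 'UAC' $policy 'EnableLUA' $uac.EnableLUA 'UAC is disabled on this host' }

$findings | Sort-Object Category | Format-Table -AutoSize -Wrap
```

The path heuristic is a triage filter, not proof of compromise: confirm each hit by hashing the file it points to (for example with `Get-FileHash -Algorithm SHA256`) and comparing against the SHA256 values recorded in reports such as this one, and expect the Uninstall-key and system-information reads listed above to leave no persistent registry trace of their own.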

MITRE ATT&CK Enterprise v15

Tasks