General

  • Target: Module.dll
  • Size: 4.9MB
  • Sample: 240415-m74xdafb8w
  • MD5: 5b607c17bd58fc09053ae6e6cf591ef2
  • SHA1: ded6dfff7bb1a6353c5797b5bd2ebcecc4eb95e3
  • SHA256: 1c81d14d5ab040b4705c73ce7ed3f7f01ce02c70814b89e29ca17ac3b67e7699
  • SHA512: 50d271d77f31550fd362105c5dfd2f3bc853ecb31dae645e6af1ef21f73770a8f2b56561d3b742ebc531b9e3aadbf1f0b8e62205486e60c5a2c1c4ebd49998a6
  • SSDEEP: 49152:b0Fmy/YWX13M3a1Bvg/TdEV8dCE2Co8YSgkT+/zYJ:+myQIaK1BY/iV8dMSU8

Targets

    • Target: Module.dll

    • Downloads MZ/PE file

    • Modifies Installed Components in the registry

    • Sets file execution options in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Legitimate hosting services abused for malware hosting/C2

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15