General
Target: Fluorocarbomorpholide.zip
Size: 307KB
Sample: 240422-qz5eqaca83
MD5: c44da3f2bb10d7651c0f8b0222cb236c
SHA1: 2167ddd9e9a0dec9930e4c2c4ce2a9ec666a3435
SHA256: 8cfe620c739729eb82839dffb37a67213b8f4aa2ba480a9dd8fd6b0f02e5d360
SHA512: 35b96da55c252233a260c6f9597894d4ec71dd532690bc59d83957d910c4b0ab77cf5d122f59547b214e8f91b2cc87d97488f0c81a64bab7a69f8998d4ad3a5e
SSDEEP: 6144:x1fBQcUxuwYxpLBf7wG54XdJQM/HBKtb0YCVoMPvAef3wG/4XdJUMf2:ZYXScG5AHpBKtb0RVoqzoG/AHB2
Static task: static1
Behavioral task: behavioral1
Sample: Fluorocarbomorpholide.exe
Resource: win11-20240412-en
Behavioral task: behavioral2
Sample: Fluorocarbomorpholide.harmless.exe
Resource: win11-20240412-en
Malware Config
Targets
Target: Fluorocarbomorpholide.exe
Size: 249KB
MD5: 5a3a24e9f5cb29cc1c5dbfea45ee6286
SHA1: 7631d6d2e0464b7555b35aae09c4f77a73306722
SHA256: 23289377de8b747b51dff08fd6321714fd834d2bd3d2b8845eee228e073b1e60
SHA512: c9fc63bc585511c1fe33c67471394a6ba540567e3881e55d20bab73d255e2de2173c3bcb5a181552b9875a9b419ced86b6822205182f3f06d8fe30331c47836d
SSDEEP: 3072:B5bKZ+EdP/kDsCnO79mznWSppD1bzjg/rP+PVJ2qPkYFJ12ChYSN8R/2ONglXxf8:Bw4EdwTbDDKGtlrl5FBf1wGD4XdJIM
Signatures
- Disables Task Manager via registry modification
- Manipulates Digital Signatures: attackers can modify the Authenticode and Cryptography registry keys (the SIP and trust provider entries that WinVerifyTrust loads) so that their unsigned or tampered binary is treated as validly signed.
- Possible privilege escalation attempt
- Modifies file permissions
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
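The two registry-backed behaviours the report flags for Fluorocarbomorpholide.exe (Task Manager disabled via a policy key, and Authenticode SIP and trust provider entries manipulated, ATT&CK T1553.003) can be checked for on a suspect host with the audit script below. It is an added example, not output of the Triage report and not code belonging to the sample. The registry locations are the standard Windows ones for these settings; the heuristic that any SIP or trust-provider DLL resolving outside System32/SysWOW64 is suspicious is an assumption chosen for illustration, and the Test-DllPath helper is hypothetical.

```powershell
# Added example (not from the Triage report): audit the registry areas behind the
# "Disables Task Manager" and "Manipulates Digital Signatures" signatures.
# Run elevated. Assumption: a SIP/trust-provider DLL outside System32/SysWOW64
# is treated as suspicious; legitimate-looking paths are NOT proof of integrity.

$findings = @()

# 1. Task Manager disabled via policy (user hive and machine hive).
foreach ($hive in 'HKCU:', 'HKLM:') {
    $key = "$hive\Software\Microsoft\Windows\CurrentVersion\Policies\System"
    $val = Get-ItemProperty -Path $key -Name DisableTaskMgr -ErrorAction SilentlyContinue
    if ($val -and $val.DisableTaskMgr -eq 1) {
        $findings += [pscustomobject]@{ Check = 'DisableTaskMgr'; Location = $key; Detail = 'DisableTaskMgr = 1' }
    }
}

# 2. SIP and trust-provider hijacking (T1553.003). Each subkey names a DLL and an
#    export that the signature-verification path loads; an attacker who rewrites
#    these can make any file "verify" as signed.
$system32 = (Join-Path $env:SystemRoot 'System32') + '\'
$syswow64 = (Join-Path $env:SystemRoot 'SysWOW64') + '\'

$sipRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData',
    'HKLM:\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg'
)
$trustRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Cryptography\Providers\Trust\FinalPolicy',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy'
)

# Hypothetical helper: expand %SystemRoot%-style references, resolve bare file
# names against System32 (as the loader would), and test the resulting path.
function Test-DllPath ([string]$dll) {
    $expanded = [Environment]::ExpandEnvironmentVariables($dll)
    if (-not [IO.Path]::IsPathRooted($expanded)) { $expanded = Join-Path $system32 $expanded }
    $full = [IO.Path]::GetFullPath($expanded)
    return ($full.StartsWith($system32, 'OrdinalIgnoreCase') -or $full.StartsWith($syswow64, 'OrdinalIgnoreCase'))
}

# SIP entries store the target as "Dll" and "FuncName".
foreach ($root in $sipRoots) {
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        if ($p.Dll -and -not (Test-DllPath $p.Dll)) {
            $findings += [pscustomobject]@{ Check = 'SIP'; Location = $_.PSChildName; Detail = "$($p.Dll)!$($p.FuncName)" }
        }
    }
}

# Trust-provider entries store the target as "$DLL" and "$Function".
foreach ($root in $trustRoots) {
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        $dll = $p.'$DLL'
        if ($dll -and -not (Test-DllPath $dll)) {
            $findings += [pscustomobject]@{ Check = 'TrustProvider'; Location = $_.PSChildName; Detail = "$dll!$($p.'$Function')" }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize } else { 'No findings.' }
```

Two caveats when reading the output. A hijack does not have to point at a foreign DLL: it can keep a legitimate System32 DLL and only swap the function name to an export that always reports success, which the path check above will not catch, so diff the full Dll/FuncName and $DLL/$Function values against a known-good host of the same Windows build. And do not validate those DLLs with Get-AuthenticodeSignature on the suspect host, because that call runs through the very SIP and trust-provider chain being audited.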
Target: Fluorocarbomorpholide.harmless.exe
Size: 247KB
MD5: bcb5697708f27b938b81b074ba390644
SHA1: 5ea57710b17d6d9a28f3cf396e4d9e341a90fba2
SHA256: fc84d511a93e93fd9b0f266249ab85b64c2b32f5163d396a267c08eab07fd8bb
SHA512: 85057d8bcd6c36d8e9544ccac77d3bf8ef3ecf7a9b3b6b8d81aa0cd3e6af74ed48a90517815bb3a5b6f8ff8a5bb40c3da71435998fb98576675f9d95b7a889b1
SSDEEP: 3072:yWPy+EdP/kDsCnO79mznWSppD1bzjg/rP+PVJ2qPkYFJ12ChYSN8R/2ONglXxfR2:yYEdwTbDDKGtlrl5FBf1wGD4XdJIM
Score: 1/10
MITRE ATT&CK Enterprise v15
Defense Evasion
- File and Directory Permissions Modification (T1222): 1
- Hide Artifacts (T1564): 1
  - Hidden Files and Directories (T1564.001): 1
- Subvert Trust Controls (T1553): 1
  - SIP and Trust Provider Hijacking (T1553.003): 1