General
-
Target
DivineFIX2.exe
-
Size
3.7MB
-
Sample
240423-p2twbsgd3t
-
MD5
299d6c9057232caf1cf664bfe6d7af79
-
SHA1
aada34638d3f62b1eabfc7cb4a62be010a1b1bd2
-
SHA256
00b1eac24e44cea37697864be033fcb86ecc5b4333fc06f7c031ec7422b06945
-
SHA512
41f2957090fc9bec72d377a215d79ba5429de73483dcd3e9c02762101c62f8f03a54861a6a55a0216d2c2c91e9ada2ea1ccb912a0a90caf5d0f87d3b995754f5
-
SSDEEP
98304:nt21benq1upe+aykWNawjqdCm02p/vO/r8c2QFiFnidnZqu:no1bfK5kRZp/vOz8zQSd
Malware Config
Targets
-
-
Target
DivineFIX2.exe
-
Size
3.7MB
-
MD5
299d6c9057232caf1cf664bfe6d7af79
-
SHA1
aada34638d3f62b1eabfc7cb4a62be010a1b1bd2
-
SHA256
00b1eac24e44cea37697864be033fcb86ecc5b4333fc06f7c031ec7422b06945
-
SHA512
41f2957090fc9bec72d377a215d79ba5429de73483dcd3e9c02762101c62f8f03a54861a6a55a0216d2c2c91e9ada2ea1ccb912a0a90caf5d0f87d3b995754f5
-
SSDEEP
98304:nt21benq1upe+aykWNawjqdCm02p/vO/r8c2QFiFnidnZqu:no1bfK5kRZp/vOz8zQSd
Score8/10-
Downloads MZ/PE file
-
Modifies Windows Firewall
-
Sets file execution options in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1