General

Target: osu!.exe
Size: 4.3MB
Sample: 240423-wj9x6aad7w
MD5: 3c14c93d40877ae816cc8ed03d38bdaa
SHA1: 418b808bbe42066f4d25fdd37593426b014a0b9a
SHA256: 8d73e298cbfd2ab3a3748c3512b6ad6ce4784aeaedc3f050b5bc48d51bddd651
SHA512: 40cc3b757a24312793457a582411a721a7997a32a1b75cdf548d74dfb9a72985e3b6b8c7bebefaf8e12f4dd25b1827c4f28d1330fac86bc74ae570ea4c7de3ff
SSDEEP: 98304:1ptvf9do8hOds0zJHpc4A2SBWuCZxRxpDOh:1vHo8IS0zppcqSMPi
Static task: static1
Malware Config
Targets

Target: osu!.exe
Size: 4.3MB
MD5 / SHA1 / SHA256 / SHA512 / SSDEEP: identical to the values in the General section above
Signatures

- Adds Run key to start application: a value is written under ...\Microsoft\Windows\CurrentVersion\Run, so the binary is relaunched at every logon (ATT&CK T1547.001, the Registry Run Keys entry in the matrix below).
- Downloads MZ/PE file: a network response begins with the MZ header, i.e. a second-stage executable is fetched at runtime.
- Drops desktop.ini file(s): desktop.ini is the folder-customisation file Explorer reads for a folder's icon and display name; writing it alters how the dropped files are shown.
- Legitimate hosting services abused for malware hosting/C2: the download or C2 URL points at a public hosting/CDN service rather than attacker-registered infrastructure. The report does not name the service.
- Modifies Installed Components in the registry: HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components; a StubPath value there is executed at the next user logon (Active Setup persistence).
- Sets file execution options in registry: Image File Execution Options (IFEO) keys under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion; a Debugger value redirects execution of the named program, which is used both for persistence and to neuter security tools.
- Drops file in System32 directory: a write to %SystemRoot%\System32, which requires administrative rights and indicates the sample ran elevated in the sandbox.
- Suspicious use of NtCreateThreadExHideFromDebugger: a thread is created with THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER (0x4), so the debugger never receives events for it.
- Suspicious use of NtSetInformationThreadHideFromDebugger: NtSetInformationThread with ThreadHideFromDebugger (0x11) has the same effect on an existing thread. Both are classic anti-debugging checks; expect a user-mode debugger to lose the thread unless these calls are hooked.
MITRE ATT&CK Matrix (ATT&CK v13; the number after each technique is the count the report attaches to it)

Persistence
- Boot or Logon Autostart Execution (4)
  - Registry Run Keys / Startup Folder (4)
- Browser Extensions (1)

Privilege Escalation
- Boot or Logon Autostart Execution (4)
  - Registry Run Keys / Startup Folder (4)
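The signature list and the ATT&CK matrix above are generated by matching recorded API events against behaviour rules. The script below re-implements that idea for the signatures shown on this page. It is an added example, not the sandbox's own signature logic or output: the event log, the matching rules, the HOSTING_SERVICES list and every path, GUID and URL in it are constructed for illustration, and the ATT&CK technique IDs beyond T1547.001 (which the matrix above cites) are this example's own mapping.

```python
"""Behaviour-signature matcher over sandbox-style events (added example, not
the report's own logic). Events and rules below are constructed, not recorded
from the sample on this page."""
import re
from urllib.parse import urlparse

# Constructed events: (api, target, detail). Paths, GUID and URL are made up.
EVENTS = [
    ("RegSetValue", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\osu",
     r"C:\Users\Admin\AppData\Roaming\osu!.exe"),
    ("RegSetValue", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger",
     r"C:\Users\Admin\AppData\Roaming\osu!.exe"),
    ("RegSetValue", r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-000000000001}\StubPath",
     r"C:\Users\Admin\AppData\Roaming\osu!.exe"),
    ("NtSetInformationThread", "ThreadHideFromDebugger", "ThreadInformationClass=0x11"),
    ("NtCreateThreadEx", "THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER", "CreateFlags=0x4"),
    ("FileWrite", r"C:\Windows\System32\update.dll", "MZ..."),
    ("FileWrite", r"C:\Users\Admin\Desktop\desktop.ini", "[.ShellClassInfo]"),
    ("HttpGet", "https://github.com/example/example/releases/download/v1/stage2.bin", "MZ\x90\x00\x03"),
    ("RegSetValue", r"HKCU\Software\osu!\LastRun", "2024-04-23"),  # benign-looking control event
]

RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
IFEO = re.compile(r"\\Image File Execution Options\\[^\\]+\\(Debugger|GlobalFlag)$", re.I)
ACTIVE_SETUP = re.compile(r"\\Active Setup\\Installed Components\\", re.I)
SYSTEM32 = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I)
# Assumed list of public hosting services; the report does not name the one it saw.
HOSTING_SERVICES = ("github.com", "githubusercontent.com", "pastebin.com", "dropbox.com")


def _hosted_on_public_service(url):
    host = urlparse(url).hostname or ""
    return any(host == s or host.endswith("." + s) for s in HOSTING_SERVICES)


# (signature name as printed in the report, ATT&CK v13 technique or None, predicate)
SIGNATURES = [
    ("Adds Run key to start application", "T1547.001",
     lambda api, tgt, det: api == "RegSetValue" and bool(RUN_KEY.search(tgt))),
    ("Sets file execution options in registry", "T1546.012",
     lambda api, tgt, det: api == "RegSetValue" and bool(IFEO.search(tgt))),
    ("Modifies Installed Components in the registry", "T1547.014",
     lambda api, tgt, det: api == "RegSetValue" and bool(ACTIVE_SETUP.search(tgt))),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger", "T1622",
     lambda api, tgt, det: api == "NtSetInformationThread" and tgt == "ThreadHideFromDebugger"),
    ("Suspicious use of NtCreateThreadExHideFromDebugger", "T1622",
     lambda api, tgt, det: api == "NtCreateThreadEx" and "HIDE_FROM_DEBUGGER" in tgt),
    ("Drops file in System32 directory", None,
     lambda api, tgt, det: api == "FileWrite" and bool(SYSTEM32.match(tgt))),
    ("Drops desktop.ini file(s)", None,
     lambda api, tgt, det: api == "FileWrite" and tgt.lower().endswith("\\desktop.ini")),
    ("Downloads MZ/PE file", "T1105",
     lambda api, tgt, det: api == "HttpGet" and det.startswith("MZ")),
    ("Legitimate hosting services abused for malware hosting/C2", "T1102",
     lambda api, tgt, det: api == "HttpGet" and _hosted_on_public_service(tgt)),
]


def classify(events):
    """Return {signature name: [indices of matching events]} for signatures that fired."""
    hits = {}
    for i, (api, tgt, det) in enumerate(events):
        for name, _tech, pred in SIGNATURES:
            if pred(api, tgt, det):
                hits.setdefault(name, []).append(i)
    return hits


def techniques(hits):
    """Sorted ATT&CK technique IDs for the signatures that fired (the matrix rows)."""
    by_name = {name: tech for name, tech, _ in SIGNATURES}
    return sorted({by_name[n] for n in hits if by_name[n]})


if __name__ == "__main__":
    fired = classify(EVENTS)
    for name, idx in fired.items():
        print(f"{name}: events {idx}")
    print("techniques:", techniques(fired))
```

Each constructed event triggers exactly one signature except the download, which triggers both "Downloads MZ/PE file" and the hosting-service rule, and the last event, which matches nothing. Real sandboxes add context to these rules (the writing process, whether it is elevated, the value type); the matcher here shows only the key and flag checks the signature names refer to.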