Resubmissions

  • 25-04-2024 18:13    240425-wt9p5sdc51    10

  • 25-04-2024 18:08    240425-wqze1add38    10

  • 25-04-2024 18:05    240425-wpcjvadc2t    8

General

  • Target

    sample

  • Size

    19KB

  • Sample

    240425-wpcjvadc2t

  • MD5

    39a49a0f8ac6c6c2532c8e0fb619314f

  • SHA1

    f58325cf2a9a92031697915b0759630699872fd5

  • SHA256

    4b4d5673b94b4265836247a57b146413100698ed5c79a9f93409abec7c5d9c68

  • SHA512

    2069d523e9777c62d5f463364f9d851969e714801b146434a0e2dbe95060715ffce7fd301632bbe93fd8eb1e9ed5aae74813f4c7cd1694238ba9e382e7411f93

  • SSDEEP

    384:rLyv/u9KDpmReVoOs4Mi9ylKeGMxU8HhhbJnQ7xZS2LjFrSX+NVJCBXQL:rLytBVoOs4MmyI1M1BhbFuPFrSsJQQL

Malware Config

Targets

    • Disables Task Manager via registry modification

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Modifies WinLogon

    • Sets desktop wallpaper using registry

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    Boot or Logon Autostart Execution (T1547): 1
    Winlogon Helper DLL (T1547.004): 1

  • Privilege Escalation

    Boot or Logon Autostart Execution (T1547): 1
    Winlogon Helper DLL (T1547.004): 1

  • Defense Evasion

    Modify Registry (T1112): 2

  • Discovery

    Query Registry (T1012): 2
    Peripheral Device Discovery (T1120): 1
    System Information Discovery (T1082): 3

  • Command and Control

    Web Service (T1102): 1

  • Impact

    Defacement (T1491): 1

Tasks