General

  • Target: Testing.rar
  • Size: 37.8MB
  • Sample: 240428-dkymeaef99
  • MD5: 8d6b37ef0f54b871c85228388a348077
  • SHA1: 36feaa5fac61943daa26c9ad5113199bb53f5c7f
  • SHA256: 614122f41915536c2bc43cd5e121c6ef51bc5798d12974532e96ee3279512185
  • SHA512: 642c1c9e602a301cef36060e5ceb61d5fd3bdecc82ca54e7c230072719cd9b4dd809233e61ad11459c99947c0066176f55b0cd3171050ba89e281fd26c8ad8a2
  • SSDEEP: 786432:SqF34ghtnOE1OhZroYvklX4eebTbuUeQnUiVyWwZPWSl:SYhtOVZcuNHKWUiUZOSl

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Modifies firewall policy service

    • Disables RegEdit via registry modification

    • Modifies Windows Firewall

    • Stops running service(s)

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

MITRE ATT&CK Matrix (ATT&CK v13)

Each entry lists the technique, its ATT&CK ID, and the number of matched signatures in parentheses.

Persistence

  • Create or Modify System Process, T1543 (4)
    • Windows Service, T1543.003 (4)
  • Event Triggered Execution, T1546 (1)
    • Change Default File Association, T1546.001 (1)

Privilege Escalation

  • Create or Modify System Process, T1543 (4)
    • Windows Service, T1543.003 (4)
  • Event Triggered Execution, T1546 (1)
    • Change Default File Association, T1546.001 (1)

Defense Evasion

  • Modify Registry, T1112 (5)
  • Impair Defenses, T1562 (3)
    • Disable or Modify Tools, T1562.001 (1)
    • Disable or Modify System Firewall, T1562.004 (1)

Discovery

  • System Information Discovery, T1082 (1)
  • Query Registry, T1012 (1)

Impact

  • Service Stop, T1489 (1)

Tasks