General

  • Target

    7ybj1pm1soj71.webp

  • Size

    13KB

  • Sample

    240428-vq8s1acg8y

  • MD5

    21479efe0178afc20bb33f7271251c2f

  • SHA1

    30e853befbdfbcfa06b17306bda8cd3338c70c40

  • SHA256

    20b1ceb3138e690a2af926b19437a396f9d766c60c098f929fa2610c1479c490

  • SHA512

    68be4df04af85a4bf4e0ed3e6e56cfeea51b8a3eeb46daa4a3270a274f3a40ab00f6187b1beba37c6bb2bd59ba676448965239c840a54f544bb03dc22a95cf92

  • SSDEEP

    384:j3Y+E9pMUe5y6EoNiWqd7gCYP7V91uWmmlMeJUnj:EzC4baHCYTV9phk

Malware Config

Targets

    • Target

      7ybj1pm1soj71.webp

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Modifies firewall policy service

    • Modifies security service

    • Manipulates Digital Signatures

      Attackers can modify the Authenticode and Cryptography registry keys (for example the Subject Interface Package and trust provider registrations) so that Windows treats their binary as validly signed.

    • Modifies Installed Components in the registry

    • Registers new Print Monitor

    • Sets file execution options in registry

    • Modifies system executable filetype association

    • Registers COM server for autorun

    • Adds Run key to start application

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that Internet Explorer loads as plugins, which makes them a persistence and traffic-interception point.

    • Maps connected drives based on registry

      Disk and volume information is often read to detect sandboxing environments.
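
As an added triage step that is not part of this sandbox report (and not code from the sample), the PowerShell below enumerates the registry locations behind several of the signatures above on a Windows host: the SIP and trust-provider registrations abused to make a binary appear validly signed (Manipulates Digital Signatures), Browser Helper Objects, print monitors, Image File Execution Options, the .exe file association and Run keys. The registry paths and value names are the standard Windows ones; the "module path outside the Windows directory" heuristic, the `Test-OutsideWindows` and `Add-Finding` helpers, and the choice to list every BHO and Run entry are assumptions of this example.

```powershell
# Added triage check, not part of the sandbox report. Read-only; run from an
# elevated prompt on the suspect host. Heuristic (ours): legitimate SIPs, trust
# providers and print monitors are modules under $env:SystemRoot, so anything
# pointing elsewhere deserves a look.
$WindowsRoot = $env:SystemRoot
$Findings    = New-Object System.Collections.Generic.List[object]

function Add-Finding([string]$Category, [string]$Key, [string]$Detail) {
    $Findings.Add([pscustomobject]@{ Category = $Category; Key = $Key; Detail = $Detail })
}

function Test-OutsideWindows([string]$PathLike) {
    if ([string]::IsNullOrWhiteSpace($PathLike)) { return $false }
    $p = $PathLike.Trim()
    # Take the executable/module part: quoted path, or first token before space/comma
    if ($p -match '^"([^"]*)"') { $p = $Matches[1] } else { $p = ($p -split '[\s,]')[0] }
    $p = [Environment]::ExpandEnvironmentVariables($p)
    if ($p -notmatch '[\\/]') { return $false }   # bare module name, resolved from System32
    return -not $p.StartsWith($WindowsRoot, [StringComparison]::OrdinalIgnoreCase)
}

# 1. Authenticode plumbing: each GUID subkey names the DLL Windows calls to hash or
#    verify a signed file. OID keys use Dll/FuncName, trust providers $DLL/$Function.
$sipRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg',
    'HKLM:\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData',
    'HKLM:\SOFTWARE\Microsoft\Cryptography\Providers\Trust\FinalPolicy'
)
foreach ($root in $sipRoots) {
    foreach ($k in (Get-ChildItem -Path $root -ErrorAction SilentlyContinue)) {
        $v   = Get-ItemProperty -Path $k.PSPath
        $dll = if ($v.PSObject.Properties['Dll']) { $v.Dll } else { $v.'$DLL' }
        $fn  = if ($v.PSObject.Properties['FuncName']) { $v.FuncName } else { $v.'$Function' }
        if (Test-OutsideWindows $dll) { Add-Finding 'SIP/TrustProvider' $k.Name "$dll -> $fn" }
    }
}

# 2. Browser Helper Objects: every CLSID here is loaded into Internet Explorer;
#    resolve it to the DLL named by its InprocServer32 key and report all of them.
$bhoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
foreach ($k in (Get-ChildItem -Path $bhoRoot -ErrorAction SilentlyContinue)) {
    $clsid = $k.PSChildName
    $srv   = Get-ItemProperty -Path "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
    $dll   = if ($srv) { $srv.'(default)' } else { '<CLSID not registered>' }
    Add-Finding 'BHO' $clsid $dll
}

# 3. Print monitors: the Driver value is a DLL the spooler loads at start.
$monRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\Print\Monitors'
foreach ($k in (Get-ChildItem -Path $monRoot -ErrorAction SilentlyContinue)) {
    $drv = (Get-ItemProperty -Path $k.PSPath -ErrorAction SilentlyContinue).Driver
    if ($drv -and (Test-OutsideWindows $drv)) { Add-Finding 'PrintMonitor' $k.PSChildName $drv }
}

# 4. Image File Execution Options: a Debugger value runs another program every
#    time the named executable is launched.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($k in (Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue)) {
    $dbg = (Get-ItemProperty -Path $k.PSPath -ErrorAction SilentlyContinue).Debugger
    if ($dbg) { Add-Finding 'IFEO-Debugger' $k.PSChildName $dbg }
}

# 5. .exe association: the machine default is "%1" %*; a per-user override or any
#    other command means every EXE launch is proxied through something else.
$hklmCmd = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Classes\exefile\shell\open\command' -ErrorAction SilentlyContinue).'(default)'
if ($hklmCmd -and $hklmCmd.Trim() -ne '"%1" %*') { Add-Finding 'ExeAssociation' 'HKLM exefile\shell\open\command' $hklmCmd }
$hkcuCmd = (Get-ItemProperty -Path 'HKCU:\Software\Classes\exefile\shell\open\command' -ErrorAction SilentlyContinue).'(default)'
if ($hkcuCmd) { Add-Finding 'ExeAssociation' 'HKCU exefile\shell\open\command (override present)' $hkcuCmd }

# 6. Run keys in both hives: list every entry; PS* properties are PowerShell metadata, not values.
foreach ($hive in 'HKLM', 'HKCU') {
    $run = Get-ItemProperty -Path "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" -ErrorAction SilentlyContinue
    if (-not $run) { continue }
    foreach ($p in ($run.PSObject.Properties | Where-Object { $_.Name -notmatch '^PS' })) {
        Add-Finding 'RunKey' "$hive\...\CurrentVersion\Run\$($p.Name)" $p.Value
    }
}

$Findings | Sort-Object Category, Key | Format-Table -AutoSize
```

Compare the output against a known-good host or a pre-infection baseline rather than reading it in isolation: BHOs, Run entries and a few IFEO Debugger values are legitimate on many machines, whereas any SIP or trust-provider DLL outside the Windows directory, or a changed .exe association, is rarely benign. 32-bit registrations live under the corresponding `WOW6432Node` paths and are not covered here.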

MITRE ATT&CK Enterprise v15

Tasks