General

  • Target

    file

  • Size

    311KB

  • Sample

    240501-2y3qaabh42

  • MD5

    c9007d0c4f8e779c0cf2abed77f7cf73

  • SHA1

    fd18dccca2d176c1ddad654ba670ce0cad11363c

  • SHA256

    ac9fc4e93081a956a51e3da6343e48e6ae60260d781d892934be9aa80f0255ca

  • SHA512

    058d4db715a47f2fb70b4c408a35581da46602a4be23766eb25abc0e9c4e17352b69a6ca2f55da65c89b59f7bf0cbdb2aa9d1609e643999cfc57682baf72843d

  • SSDEEP

    3072:ViKgAkHnjPIQ6KSEX/7HbPaW+LN7DxRLlzglKrEX4:/gAkHnjPIQBSEj7PCN7jBrEX4

Malware Config

Targets

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Modifies system executable filetype association

    • Registers COM server for autorun

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that Internet Explorer loads as plugins, so registering one gives the sample code execution inside the browser process each time it starts.

    • Drops file in System32 directory
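
The signatures above are behavioural, so a practitioner reviewing this report usually wants to know which registry and file events would trip each one. The script below is an added example written for this page; it is not the sandbox's own signature engine, and the event format, the constructed sample events and the registry locations it treats as COM autoload points (Browser Helper Objects, ShellExecuteHooks, ShellServiceObjectDelayLoad) are the editor's assumptions, not rules taken from the report.

```python
"""Map sandbox-style registry/file events to the behaviour signatures listed above.

Added example: the event format, the sample events and the matching rules are
assumptions made for illustration, not the sandbox's own signature definitions.
"""
import re

CLSID_RE = re.compile(r"\{[0-9a-f-]{36}\}")

# Registry locations from which Explorer/IE auto-load a COM class (assumed list).
AUTOLOAD_KEYS = (
    "\\explorer\\browser helper objects\\{",
    "\\explorer\\shellexecutehooks\\{",
    "\\explorer\\shellserviceobjectdelayload",
)

# Constructed events in the form (operation, path[, data]); not captured from the sample.
SAMPLE_EVENTS = [
    ("RegOpenKey", "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip"),
    ("RegQueryValue", "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip\\DisplayName"),
    ("FileOpen", "D:\\"),
    ("FileOpen", "E:\\"),
    ("FileWrite", "C:\\Windows\\System32\\upd.dll"),
    ("RegSetValue",
     "HKLM\\SOFTWARE\\Classes\\CLSID\\{11111111-2222-3333-4444-555555555555}\\InprocServer32\\(Default)",
     "C:\\Windows\\System32\\upd.dll"),
    ("RegSetValue",
     "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects"
     "\\{11111111-2222-3333-4444-555555555555}\\(Default)",
     ""),
    ("RegSetValue", "HKCR\\exefile\\shell\\open\\command\\(Default)",
     "\"C:\\Windows\\System32\\upd.exe\" \"%1\" %*"),
]


def normalize(path):
    """Canonicalize hive aliases and case so the rules can use plain substring checks."""
    for long_name, short_name in (("HKEY_LOCAL_MACHINE", "HKLM"), ("HKEY_CURRENT_USER", "HKCU"),
                                  ("HKEY_CLASSES_ROOT", "HKCR")):
        path = path.replace(long_name, short_name)
    return path.lower()


def match_signatures(events):
    """Return the set of signature names that the event list triggers."""
    hits = set()
    inproc_clsids = set()    # CLSIDs that were given an InprocServer32 DLL path
    autoload_clsids = set()  # CLSIDs referenced from an autoload location
    for event in events:
        op, path = event[0], normalize(event[1])
        data = normalize(event[2]) if len(event) > 2 else ""
        is_reg_read = op in ("RegOpenKey", "RegQueryValue", "RegEnumKey", "RegEnumValue")
        is_reg_write = op in ("RegSetValue", "RegCreateKey")
        is_file = op.startswith("File")

        # "Checks installed software": any read under the Uninstall key.
        if is_reg_read and "\\currentversion\\uninstall" in path:
            hits.add("checks_installed_software")
        # "Enumerates connected drives": opening a bare drive root other than C:.
        if is_file and re.fullmatch(r"[a-z]:\\?", path) and not path.startswith("c:"):
            hits.add("enumerates_connected_drives")
        # "Drops file in System32 directory".
        if op == "FileWrite" and path.startswith("c:\\windows\\system32\\"):
            hits.add("drops_file_in_system32")
        # "Modifies system executable filetype association": rewriting exefile's open command.
        if is_reg_write and "\\exefile\\shell\\open\\command" in path:
            hits.add("modifies_exe_filetype_association")
        # COM registration and autoload tracking (assumed definition of "registers COM server for autorun":
        # a CLSID gets an InprocServer32 path and is also referenced from an autoload location).
        if is_reg_write:
            clsid = CLSID_RE.search(path) or CLSID_RE.search(data)
            if clsid and "\\inprocserver32" in path:
                inproc_clsids.add(clsid.group(0))
            if any(key in path for key in AUTOLOAD_KEYS):
                if "browser helper objects" in path:
                    hits.add("installs_browser_helper_object")
                if clsid:
                    autoload_clsids.add(clsid.group(0))
    if inproc_clsids & autoload_clsids:
        hits.add("registers_com_server_for_autorun")
    return hits


if __name__ == "__main__":
    for name in sorted(match_signatures(SAMPLE_EVENTS)):
        print(name)
```

The COM autorun rule deliberately requires both halves (a DLL registered under a CLSID and that CLSID listed somewhere Explorer or IE loads from), because an InprocServer32 write on its own is routine installer behaviour; a real sandbox correlates the same way but over many more autoload locations than the three assumed here.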

MITRE ATT&CK Enterprise v15

Tasks