General
Target: sample
Size: 82KB
Sample: 240502-sydlqadh93
MD5: aefa74bfa9b56100c141f3b7d3f3a09d
SHA1: abf30ca82b2e70317b3ada6a2ad96d670c19ebf5
SHA256: bb76ed8606711a007d823cb620c4603537bc06fcc7e728f3a47efbd4b7c0d1c2
SHA512: 3ee05c3403f1fe3a9ca3c9217404bb4fd054e932435ed5653b2a0864fb171375a2187af0589a1e94e855e45cb05712d430d17e7814d63e217b3da9dcf38ffc4f
SSDEEP: 1536:jqcEYq4NOFYvvjpA8KQkeSVN0NtsstMxGxdKY3:WcEYqmO+p/t2GT
Static task: static1
Malware Config
Targets
Target: sample (82KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values in the General section above)
- Downloads MZ/PE file
- Modifies Installed Components in the registry
  Writes under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components; a StubPath value there is executed once per user at logon.
- Sets file execution options in registry
  Image File Execution Options (IFEO); a Debugger value under a binary's subkey redirects every launch of that binary to the configured program.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops desktop.ini file(s)
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Both flags (THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER on NtCreateThreadEx, ThreadHideFromDebugger on NtSetInformationThread) stop the kernel from delivering debug events for the thread, so an attached debugger no longer sees its breakpoints or exceptions. Ordinary applications have no reason to do this; treat it as anti-analysis.
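The persistence signatures above (Run key, Image File Execution Options, Active Setup Installed Components, COM server registration) can be hunted for on a live host with the following PowerShell. This is an added example written for this page, not part of the sandbox report or of the sandbox's own tooling. The registry paths are the standard locations those signature names refer to; the only report data it uses is the sample SHA256; the `Get-BinaryPath` and `New-Finding` helpers are names chosen here. It assumes an elevated session on a 64-bit Windows host.

```powershell
# Added example (not from the report): hunt the persistence locations named by the
# signatures above. Run from an elevated PowerShell on a host suspected of exposure.
# The only report data used is the sample SHA256; dropped payloads hash differently,
# so a match confirms the original file but a non-match does not clear the host.
$SampleSha256 = 'bb76ed8606711a007d823cb620c4603537bc06fcc7e728f3a47efbd4b7c0d1c2'

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$IfeoKey        = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$ActiveSetupKey = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components'
$ClsidRoots     = @('HKLM:\SOFTWARE\Classes\CLSID', 'HKCU:\SOFTWARE\Classes\CLSID')
# Machine-wide COM servers under these directories are not reported (too noisy).
# This sample drops into System32, so for those entries rely on the hash column.
$TrustedDirs = '^(?i)(' + ((@($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | ForEach-Object { [regex]::Escape($_) }) -join '|') + ')\\'

# Pull the executable path out of a command line (quoted or first token) so it can be hashed.
# Limitation: for "rundll32.exe payload.dll,Entry" this returns rundll32, not the DLL.
function Get-BinaryPath {
    param([string]$CommandLine)
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $null }
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^(\S+\.(exe|dll|ocx|cpl))') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

# One row per autostart entry, with the SHA256 of the referenced binary if it exists on disk.
function New-Finding {
    param([string]$Source, [string]$Key, [string]$Name, [string]$Value)
    $path = Get-BinaryPath $Value
    $hash = $null
    if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash.ToLower()
    }
    [pscustomobject]@{
        Source = $Source; Key = $Key; Name = $Name; Value = $Value
        Path = $path; Sha256 = $hash; MatchesSample = ($hash -eq $SampleSha256)
    }
}

$findings = New-Object System.Collections.Generic.List[object]

# 1. Run / RunOnce values (ATT&CK T1547.001, as mapped in the report).
foreach ($k in $RunKeys) {
    if (-not (Test-Path $k)) { continue }
    foreach ($p in (Get-ItemProperty -Path $k).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip provider metadata (PSPath etc.)
        $findings.Add((New-Finding 'Run key' $k $p.Name ([string]$p.Value)))
    }
}

# 2. Image File Execution Options: a Debugger value redirects launches of the named binary.
Get-ChildItem -Path $IfeoKey -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg) { $findings.Add((New-Finding 'IFEO Debugger' $_.PSChildName 'Debugger' $dbg)) }
}

# 3. Active Setup Installed Components: StubPath runs once per user at logon.
Get-ChildItem -Path $ActiveSetupKey -ErrorAction SilentlyContinue | ForEach-Object {
    $stub = (Get-ItemProperty -Path $_.PSPath -Name StubPath -ErrorAction SilentlyContinue).StubPath
    if ($stub) { $findings.Add((New-Finding 'Active Setup StubPath' $_.PSChildName 'StubPath' $stub)) }
}

# 4. COM server registrations: InprocServer32 / LocalServer32 default values.
#    Per-user CLSIDs shadow machine-wide ones, so every HKCU entry is reported.
foreach ($root in $ClsidRoots) {
    $userHive = $root -like 'HKCU:*'
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $clsid = $_
        foreach ($sub in 'InprocServer32', 'LocalServer32') {
            $srv = "$($clsid.PSPath)\$sub"
            if (-not (Test-Path -LiteralPath $srv)) { continue }
            $default = (Get-ItemProperty -LiteralPath $srv -ErrorAction SilentlyContinue).'(default)'
            if (-not $default) { continue }
            $f = New-Finding "COM $sub" $clsid.PSChildName '(default)' ([string]$default)
            if ($userHive -or ($f.Path -and $f.Path -notmatch $TrustedDirs)) { $findings.Add($f) }
        }
    }
}

$findings | Sort-Object MatchesSample -Descending |
    Format-Table Source, Name, Path, Sha256, MatchesSample -AutoSize
```

Enumerating HKLM\SOFTWARE\Classes\CLSID takes a while on a full install; the HKCU CLSID tree is small and any entry there deserves a look, since a per-user registration is loaded in preference to the machine-wide one. Because the report only gives the hash of the original sample and not of the dropped EXE/DLL, the `MatchesSample` column is a positive confirmation only; review every row whose `Path` is unexpected regardless of the hash.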
MITRE ATT&CK Enterprise v15 (number of matching signatures in parentheses)
Persistence
- Boot or Logon Autostart Execution, T1547 (4)
  - Registry Run Keys / Startup Folder, T1547.001 (4)
- Browser Extensions, T1176 (1)
Privilege Escalation
- Boot or Logon Autostart Execution, T1547 (4)
  - Registry Run Keys / Startup Folder, T1547.001 (4)