General

  • Target

    sample

  • Size

    82KB

  • Sample

    240502-sydlqadh93

  • MD5

    aefa74bfa9b56100c141f3b7d3f3a09d

  • SHA1

    abf30ca82b2e70317b3ada6a2ad96d670c19ebf5

  • SHA256

    bb76ed8606711a007d823cb620c4603537bc06fcc7e728f3a47efbd4b7c0d1c2

  • SHA512

    3ee05c3403f1fe3a9ca3c9217404bb4fd054e932435ed5653b2a0864fb171375a2187af0589a1e94e855e45cb05712d430d17e7814d63e217b3da9dcf38ffc4f

  • SSDEEP

    1536:jqcEYq4NOFYvvjpA8KQkeSVN0NtsstMxGxdKY3:WcEYqmO+p/t2GT

Malware Config

Targets

    • Target

      sample

    • Size

      82KB

    • MD5

      aefa74bfa9b56100c141f3b7d3f3a09d

    • SHA1

      abf30ca82b2e70317b3ada6a2ad96d670c19ebf5

    • SHA256

      bb76ed8606711a007d823cb620c4603537bc06fcc7e728f3a47efbd4b7c0d1c2

    • SHA512

      3ee05c3403f1fe3a9ca3c9217404bb4fd054e932435ed5653b2a0864fb171375a2187af0589a1e94e855e45cb05712d430d17e7814d63e217b3da9dcf38ffc4f

    • SSDEEP

      1536:jqcEYq4NOFYvvjpA8KQkeSVN0NtsstMxGxdKY3:WcEYqmO+p/t2GT

    • Downloads MZ/PE file

    • Modifies Installed Components in the registry

    • Sets file execution options in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks