General

  • Target

    download.png

  • Size

    9KB

  • Sample

    240509-b54caabe9y

  • MD5

    732eb34732fb586e1bc42ac36c4efedf

  • SHA1

    f1c18aaa59a2d04f68bd820617b2ac598e7496e9

  • SHA256

    5db010ee96d792b699bd5e85b713ca2b8a9ae928ecb66b09ecadf8c3f2544650

  • SHA512

    56fbe5c276f114befab1ae3574e1783f2766989163bd8fac0fecd2fb8b75e2ecaca070ef54d1075f52266a1db964b2a8060bcd2c29d528a676371052ff3f44ba

  • SSDEEP

    96:uMfyemh6q7s1AkRDdPTJM2+14SzWoiB7GgHrSQxJMa9:ZsT7s1NxJM2w4SKoqHrSB8

Targets

    • Target

      download.png

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Registers COM server for autorun

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
