Resubmissions

10/05/2024, 23:38

240510-3m7ersgd9v 8

10/05/2024, 23:15

240510-28h4maab26 7

General

  • Target: TangoGen.rar

  • Size: 39.6MB

  • Sample: 240510-3m7ersgd9v

  • MD5: b58c32edcd7f6a0dde017e53b366734e

  • SHA1: f8d849e656e7e558531bc50f9bd21ff5ed3ba0bc

  • SHA256: d276f07b8b4bbae22e9a6d132575e592379ffa926dd799edc8af90b7c32469cc

  • SHA512: f8735f6255d91a5b995c9ce649081c7168192e1ffdc530b3f7437d8814499d7169b548f019fc699546aa948f0a1c6645b9bce011f8f36d077f13c2561ee4a43e

  • SSDEEP: 786432:KPHWHQPy/YHd36kucu8MrAoX+BFPdE0A9hC9OsHSUejej5siFGxUEOOEDolF6:6WHs36kuzPrnoED6OsHSUejG5siFuUMW

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Creates new service(s)

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks