General

  • Target

    uifgrgygfbvhfilyvbfuzsr.exe

  • Size

    134.8MB

  • Sample

    240511-bx1lesgd28

  • MD5

    af8b0b1f7fbb86641bd5a65c22dd970b

  • SHA1

    f9f0a38e35547fe1fe8650cbbb56e4a189773b31

  • SHA256

    8fdc2b6aed81853502ff8535f010ec1c1f9ab6f86ac222574afb97a184ddf045

  • SHA512

    f6c5e489cf105ef2b4a9e5e3aa6ff34b66afec2046fc7d3e50c7f271a711becf333b2ed4a7594f2fb1c3679d717be55e1c36b032faf8265929ccff5931d677c7

  • SSDEEP

    3145728:6egYRPSC++6y94FOXsoYPmKqFOAXv4uKkIa0duI2IukFp5v2k/2w:dxaC4y94FUsommKUtvPrt0duI2IukFXj

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks