General

  • Target

    watch

  • Size

    840KB

  • Sample

    240513-eb24xahf6z

  • MD5

    e2f614108b5449b53d0ff0ebfe2d7c5e

  • SHA1

    3d841bc22cf48c82f13efce9838e6ab51ab85e36

  • SHA256

    8b2e844a447aed5641fe1ce8434d06f3e8a9674117e9804c4bfb4cfb699174e9

  • SHA512

    0802c0177e6e3043d7d62f119ac0dea87a06a9b8f59433ed7b2279fd8d0e745274a3524bfb2f0a333d3f2f9712bd90774f8a66258b8fda844141ac8bea0cc0af

  • SSDEEP

    12288:5UKDKNKsKzKCKMKkKzKlK2zY3UVqiqYo9TgG5T:5fOUW

Malware Config

Targets

    • Target

      watch


    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up entries under the registry Uninstall key (SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate the software installed on the system.

    • Checks whether UAC is enabled

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

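The behaviour flags above are what a sandbox derives from the sample's API trace. The script below is an added example, not the sandbox's own rule set and not code from the sample: it runs the same checks over a constructed, ordered API trace (the event format, file paths and SAMPLE_TRACE are assumptions for illustration) and reports which of the listed behaviours it sees. The constants are the documented Windows values: ThreadHideFromDebugger is ThreadInformationClass 0x11 for NtSetInformationThread, THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER is CreateFlags bit 0x4 for NtCreateThreadEx, and the MZ/PE check follows e_lfanew at offset 0x3C to the "PE\0\0" signature.

```python
"""Re-derive the report's behaviour flags from an ordered API trace.

Added example, not the sandbox's rule set. Event format and SAMPLE_TRACE are
constructed for illustration; the constants are the documented Windows values.
"""

# NtSetInformationThread(ThreadInformationClass = ThreadHideFromDebugger)
THREAD_HIDE_FROM_DEBUGGER = 0x11
# NtCreateThreadEx CreateFlags bit THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER
THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER = 0x4
UNINSTALL_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
UAC_POLICY_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"


def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def triage(trace):
    """Return the sorted behaviour labels observed in an ordered API trace."""
    labels = set()
    dropped = set()  # paths the sample wrote during the run
    for ev in trace:
        api, a = ev["api"], ev["args"]
        if api == "InternetReadFile" and is_pe(a["data"]):
            labels.add("Downloads MZ/PE file")
        elif api == "WriteFile":
            dropped.add(a["path"].lower())
        elif api == "CreateProcessW" and a["path"].lower() in dropped:
            labels.add("Executes dropped EXE")
        elif api == "LoadLibraryW" and a["path"].lower() in dropped:
            labels.add("Loads dropped DLL")
        elif api in ("RegOpenKeyExW", "RegEnumKeyExW") and a["key"].startswith(UNINSTALL_KEY):
            labels.add("Checks installed software on the system")
        elif api == "RegQueryValueExW" and a["key"] == UAC_POLICY_KEY and a["value"] == "EnableLUA":
            labels.add("Checks whether UAC is enabled")
        elif api == "NtCreateThreadEx" and a["flags"] & THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER:
            labels.add("Suspicious use of NtCreateThreadExHideFromDebugger")
        elif api == "NtSetInformationThread" and a["class"] == THREAD_HIDE_FROM_DEBUGGER:
            labels.add("Suspicious use of NtSetInformationThreadHideFromDebugger")
    return sorted(labels)


def _fake_pe() -> bytes:
    """Constructed minimal MZ/PE stub: 'MZ', e_lfanew = 0x40, 'PE\\0\\0' at 0x40."""
    blob = bytearray(0x48)
    blob[0:2] = b"MZ"
    blob[0x3C:0x40] = (0x40).to_bytes(4, "little")
    blob[0x40:0x44] = b"PE\0\0"
    return bytes(blob)


FAKE_PE = _fake_pe()
DROP_EXE = r"C:\Users\user\AppData\Local\Temp\stage2.exe"   # assumed path
DROP_DLL = r"C:\Users\user\AppData\Local\Temp\helper.dll"   # assumed path

# Constructed trace mirroring the report's behaviours, plus one benign call.
SAMPLE_TRACE = [
    {"api": "InternetReadFile", "args": {"data": FAKE_PE}},
    {"api": "WriteFile", "args": {"path": DROP_EXE}},
    {"api": "WriteFile", "args": {"path": DROP_DLL}},
    {"api": "CreateProcessW", "args": {"path": DROP_EXE}},
    {"api": "LoadLibraryW", "args": {"path": DROP_DLL}},
    {"api": "RegEnumKeyExW", "args": {"key": UNINSTALL_KEY + r"\7-Zip"}},
    {"api": "RegQueryValueExW", "args": {"key": UAC_POLICY_KEY, "value": "EnableLUA"}},
    {"api": "NtCreateThreadEx", "args": {"flags": THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER}},
    {"api": "NtSetInformationThread", "args": {"class": THREAD_HIDE_FROM_DEBUGGER}},
    {"api": "NtSetInformationThread", "args": {"class": 0x0}},  # ThreadBasicInformation: benign
]

if __name__ == "__main__":
    for label in triage(SAMPLE_TRACE):
        print(label)
```

The two "HideFromDebugger" flags are worth keeping separate when you write your own rules: a thread created with CreateFlags 0x4 is hidden from the start, whereas NtSetInformationThread class 0x11 hides an existing thread and is the more common anti-debug call, so a real trace may show only one of them.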
MITRE ATT&CK Enterprise v15

Tasks