General

  • Target

    0149cd4727e356bb6561322c77c4b46df1e2f7f5fbb40bb24280e29f2745853f

  • Size

    36.2MB

  • Sample

    240522-n1yx8afa4t

  • MD5

    2c76c37791e9ee93a516461d0e72dc14

  • SHA1

    1cd2b907549f38adf4e44eb65326847f27ef0995

  • SHA256

    0149cd4727e356bb6561322c77c4b46df1e2f7f5fbb40bb24280e29f2745853f

  • SHA512

    a6f01eaaeaf5257a525a7bdda6aee5cc8006d9cb30c177407660c8872f0b9c83c860888b4d63f3011adff25f60d6aa1d6433737b68daf3f8ba6f8df56f934f85

  • SSDEEP

    786432:ugjlEW8KyrjSJDfZ8ldLNZZlui6ol92fM57hWjlQGX0GiN:sW8Kyr2h8LNZPdl90MHWhJiN

Targets

    • Target

      NirCmd.chm

    • Size

      45KB

    • MD5

      de1d4e1caf466f6fa52f1ee518551c3e

    • SHA1

      7a0b0ec66737a3fd9699d99e4e95e770e80231f2

    • SHA256

      573aa5b8db5f7b73cd0cb166514a197553e73659e881707c781691cbf2034516

    • SHA512

      3d41dbe484b9676ebcdf66a7cf8679b1c303c1e3279336c33414622d95e54e98d63a1e791db3d7cd9fd350087132fabbb7059aedebb6c6b4b6e5b6666456a53c

    • SSDEEP

      768:85nDno+QMmhCFg8u5742wPpVoGYGeLjOsRbZosHRIevnw0fmBMV0Qdeo/J+KftbI:85PQhhmfm7424YnOcfxnwsJDAoJ+KftM

    • Score

      1/10

    • Target

      conhost.exe

    • Size

      32.3MB

    • MD5

      777b3347af83a8e468b61ceecf5249de

    • SHA1

      52597d44e245e2e708a501ed9ec3b6073c552c71

    • SHA256

      c7f9bbdf69563f3b9e18350ab70c06e222691b9ec42ec78363d5959b291f5ca0

    • SHA512

      0d447868ab938b5993569f8d275edc710d82726458c7d0fa10ded41f19c17e647b44858e7cd6bee257d12131e98fe00b22b80ccbf91f742cc14c7b31317b93f0

    • SSDEEP

      786432:fL6vO1QtIDb2j6+s7LWB75zup/jLb/EF3IL55qW80hCMcSJ:fiaiIP2qHWB75ip/jfcFG5cW7Ce

    • Score

      7/10

    • Loads dropped DLL

    • Adds Run key to start application

    • Target

      nircmd.exe

    • Size

      117KB

    • MD5

      4a9da765fd91e80decfd2c9fe221e842

    • SHA1

      6f763fbd2b37b2ce76a8e874b05a8075f48d1171

    • SHA256

      2e81e048ab419fdc6e5f4336a951bd282ed6b740048dc38d7673678ee3490cda

    • SHA512

      4716e598e4b930a0ec89f4d826afaa3dade22cf002111340bc253a618231e88f2f5247f918f993ed15b8ce0e3a97d6838c12b17616913e48334ee9b713c1957a

    • SSDEEP

      3072:oG0tOQJC9TPafQy26RAA3hh5Tgr559MJZpOSDUDyjHHKHlLz1Ms/b:2OQJC9uICA11l1MYb

    • Score

      1/10

    • Target

      nircmdc.exe

    • Size

      115KB

    • MD5

      4fb678dde98696cc8c7dd10ef1fada1f

    • SHA1

      46fb15c3fb4865d7925c9b1e592cf3db45f8e769

    • SHA256

      c3e28c6e201d5c0206d941bed96c1c6219397da9b563771d856da1b6cc390554

    • SHA512

      7b1babf328b11747f336e7b2b267fba88c330de699bc5f90983ffd68ed15da76a28f0fb6c138d491325b9bdbf6f80f15f416558654611084d19dfc0a25658975

    • SSDEEP

      3072:vGrnFse2GdzzolPYO/mvO/1vwUPG9W+I1vXzWX7YHuHlAizXuVxcJB:urnFeNlRDml/urkB

    • Score

      1/10
