General

  • Target

    download.jpeg

  • Size

    7KB

  • Sample

    240522-v4cygsae82

  • MD5

    5d5beea6843ac54106eead01c52f98d8

  • SHA1

    3de0afbcca9c4e56e022cedc332f4cc0cbcddd01

  • SHA256

    2f8782b4f90898103587a55e68f200974e13680cceae6fbb3602d23de7601488

  • SHA512

    0183e08dc6c595004426f1505fc9522b18dae1664f705a093ec451ba072ecf80e0d03180353472db649ee736a784a59a6384b1ca0b02f742579b0422d3348dea

  • SSDEEP

    192:y/WZ+Jc6KP65jaIQojIa7qRAUIM2SlTtjjdJfJpIhO6AyyoEv:gWZ0KPup7s7xt1LQOZ+q

Malware Config

Targets

    • Downloads MZ/PE file

    • Modifies Installed Components in the registry

    • Sets file execution options in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks