General

  • Target

    6b3990554ae53193bdcbf0aebd974d2f75089e1f3e573da9bcca4aaee5791202.exe

  • Size

    697KB

  • Sample

    240523-b1gygsgh21

  • MD5

    209b834c18954bc1eafb1df0b93223d9

  • SHA1

    d36f7d46e3c06134534f08e67b38d13b97077065

  • SHA256

    6b3990554ae53193bdcbf0aebd974d2f75089e1f3e573da9bcca4aaee5791202

  • SHA512

    3a6341d74a2b56ca9e5cfc5433b0940f4a1907aee34a33666ba66c7f6c200bb6f399db545cec115f36a02f4a265ffd6238bb352f8bf36c7b8083b0ea05080c0e

  • SSDEEP

    12288:60oU0UEneHuDY7nCkEPaT24WxsTQgMh9kK0KwGLy27UaMUW3GMvXO2:mxneHuDYukEPAWxsTQbzkK0UsaMZWMv7

Malware Config

Targets

    • Target

      6b3990554ae53193bdcbf0aebd974d2f75089e1f3e573da9bcca4aaee5791202.exe

    • Size

      697KB

    • MD5

      209b834c18954bc1eafb1df0b93223d9

    • SHA1

      d36f7d46e3c06134534f08e67b38d13b97077065

    • SHA256

      6b3990554ae53193bdcbf0aebd974d2f75089e1f3e573da9bcca4aaee5791202

    • SHA512

      3a6341d74a2b56ca9e5cfc5433b0940f4a1907aee34a33666ba66c7f6c200bb6f399db545cec115f36a02f4a265ffd6238bb352f8bf36c7b8083b0ea05080c0e

    • SSDEEP

      12288:60oU0UEneHuDY7nCkEPaT24WxsTQgMh9kK0KwGLy27UaMUW3GMvXO2:mxneHuDYukEPAWxsTQbzkK0UsaMZWMv7

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

    • Adds Run key to start application

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      Skifterammers.Uso

    • Size

      57KB

    • MD5

      9003b8c618556b66af0fc968095d8bba

    • SHA1

      33d8a69579e0bbc848f0f7e414b4a9ef846a57c6

    • SHA256

      9c2e0d7d7ebfef6a420673a5d0bf67ed30f881cf66d1b27ed85d997e1b11c1d9

    • SHA512

      f62a4e3166a34f45bba3e8c802781c0a3bd228931f14de5891b65bb227a28becd7ab2daaaa5d9fbc19bd53fba27c41a63589e8355aec79744bfe4872ea6dffe0

    • SSDEEP

      1536:c/MTrs4O2qGhqZ8BXtsiVWIn702PqUws+qfTk+5pRYrnI:ckM4O2G8dVWIo2PqUP+qfT9l

    • Modifies Installed Components in the registry

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks