General

  • Target

    4a62f4f5444c21f4eea648f052ee094237008f2d4c0d9b01e3c3d8a0faa54e8f

  • Size

    539B

  • Sample

    240525-tvrvlsah26

  • MD5

    d3e1a2cbdcd63aae8815c71ce95da3a9

  • SHA1

    2e26170e90890318cb7cc0d7e6db8151f02ef20d

  • SHA256

    4a62f4f5444c21f4eea648f052ee094237008f2d4c0d9b01e3c3d8a0faa54e8f

  • SHA512

    20b6f6c0e8503aa63e2e6b236aeafe0a92dbf4c6b14b5ce7fb873df245aeacdac86f20bc8f6fba7216bc60b3ced13400e2c602d8fa0c06deb16c04f8a74599f9

Malware Config

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Modifies firewall policy service

    • Modifies security service

    • Manipulates Digital Signatures

      Attackers can apply techniques such as changing the Authenticode and Cryptography registry keys so that their binary is treated as validly signed.

    • Modifies Installed Components in the registry

    • Registers new Print Monitor

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Modifies system executable filetype association

    • Registers COM server for autorun

    • Adds Run key to start application

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that act as plugins for Internet Explorer.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks