General

  • Target

    trigger.vbs

  • Size

    90B

  • Sample

    240526-keltzsdc52

  • MD5

    ee0839d0823d0b94662ee473497cd6c7

  • SHA1

    9862390404bd8cce614071e8a6eb2268e1cb2755

  • SHA256

    ce5003c5067f9ef22bec1c1e9d6f20035d5114158877d3115f313bac4b372859

  • SHA512

    aa9860846962ba36a2c31c25c72ec2c76787c2648223822a19a01cbed9454b91e91f4ae007153072766592bfcc3111d9fe2165ef433519ffcaf33850ebde559c

Malware Config

Targets

    • Target

      trigger.vbs

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Manipulates Digital Signatures

      Attackers can modify the Authenticode and Cryptography registry keys (for example the SIP and trust-provider registrations under HKLM\SOFTWARE\Microsoft\Cryptography) so that their own binary is treated as validly signed.

    • Modifies Installed Components in the registry

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to (or away from) particular regions.

    • Modifies system executable filetype association

    • Registers COM server for autorun

    • Adds Run key to start application

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that act as plugins for Internet Explorer and are loaded whenever the browser starts, so a BHO registration doubles as a persistence mechanism.
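
The signatures above all describe registry-based autostart and trust locations, but the report does not list the exact keys or values the sample touched. The following PowerShell script is an added example for host triage, not part of the sandbox report or the sample: it enumerates the well-known Windows registry locations that correspond to each signature name (the mapping of key to signature is an assumption on my part), reads every value one level deep, and flags entries with a few heuristics (paths under user-writable directories, script hosts, an `exefile` handler other than the stock `"%1" %*`, or a referenced binary whose Authenticode signature is not valid). The heuristics are assumptions to be tuned for the environment; run it in an elevated PowerShell session on the host being examined.

```powershell
# Added example, not from the sandbox report. Key paths are standard Windows
# locations; which key each Triage signature actually checks is an assumption.

$locations = @(
    @{ Signature = 'Adds Run key to start application'
       Paths = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce' }
    @{ Signature = 'Adds autorun key to be loaded by Explorer.exe on startup'
       Paths = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad',
               'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks',
               'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' }
    @{ Signature = 'Modifies Installed Components in the registry'
       Paths = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components' }
    @{ Signature = 'Sets file execution options in registry'
       Paths = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options' }
    @{ Signature = 'Checks computer location settings'
       Paths = 'HKCU:\Control Panel\International\Geo' }
    @{ Signature = 'Modifies system executable filetype association'
       Paths = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command' }
    @{ Signature = 'Installs/modifies Browser Helper Object'
       Paths = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects' }
    @{ Signature = 'Manipulates Digital Signatures'
       Paths = 'HKLM:\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData',
               'HKLM:\SOFTWARE\Microsoft\Cryptography\Providers\Trust\FinalPolicy' }
)

# Return one object per registry value under $Path (provider noise removed).
function Read-KeyValues {
    param([string]$Path)
    $item = Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue
    if (-not $item) { return }
    $display = $Path -replace '^Microsoft\.PowerShell\.Core\\Registry::', ''
    foreach ($prop in $item.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # PSPath, PSParentPath, ... are not registry values
        [pscustomobject]@{ Key = $display; Name = $prop.Name; Data = [string]$prop.Value }
    }
}

# Heuristic triage rules (assumptions; tune for your environment).
function Test-SuspiciousValue {
    param([string]$Key, [string]$Name, [string]$Data)
    if ($Key -match 'exefile\\shell\\open\\command' -and $Name -eq '(default)') {
        return ($Data -ne '"%1" %*')   # anything but the stock handler hijacks every .exe launch
    }
    if ($Data -match '(?i)\\Users\\|\\Temp\\|\\AppData\\|wscript|cscript|mshta|powershell|rundll32') {
        return $true                   # script hosts or user-writable paths in an autostart value
    }
    if (($Name -in @('Debugger', 'Dll', '(default)')) -and ($Data -match '(?i)\.(dll|exe)')) {
        $file = if ($Data -match '^"([^"]+)"') { $Matches[1] } else { ($Data -split '\s+')[0] }
        $file = [Environment]::ExpandEnvironmentVariables($file)
        if ((Test-Path -LiteralPath $file) -and
            (Get-AuthenticodeSignature -FilePath $file).Status -ne 'Valid') {
            return $true               # binary wired into an autostart/trust key is unsigned or tampered
        }
    }
    return $false
}

# Walk each location and its immediate subkeys (IFEO\<exe>, BHO\{CLSID}, SIP\{GUID}, ...).
function Get-AutostartArtifacts {
    foreach ($loc in $locations) {
        foreach ($path in $loc.Paths) {
            if (-not (Test-Path -LiteralPath $path)) { continue }
            $keys = @($path) + @(Get-ChildItem -LiteralPath $path -ErrorAction SilentlyContinue |
                                 ForEach-Object { $_.PSPath })
            foreach ($key in $keys) {
                foreach ($v in (Read-KeyValues -Path $key)) {
                    [pscustomobject]@{
                        Signature  = $loc.Signature
                        Key        = $v.Key
                        Name       = $v.Name
                        Data       = $v.Data
                        Suspicious = Test-SuspiciousValue -Key $v.Key -Name $v.Name -Data $v.Data
                    }
                }
            }
        }
    }
}

Get-AutostartArtifacts | Sort-Object Suspicious -Descending | Format-Table -AutoSize -Wrap
```

Compare the output against a known-good host of the same build rather than trusting the heuristics alone: legitimate software also registers Active Setup components, BHOs and Run values, and the `Suspicious` flag is only meant to order the list for a human reviewer.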

MITRE ATT&CK Enterprise v15

Tasks