General
Target: virussign.com_2d75f233abb92d00194ea865063257e0.vir
Size: 480KB
Sample: 240528-wcbrsadg7z
MD5: 2d75f233abb92d00194ea865063257e0
SHA1: ba2a21f16e20c0970384f8c08eefe41eb4539172
SHA256: d7fe15a86b37335e90cf9d0af053df6a22d2e9fc0d21276ef5931adfb2ee155d
SHA512: cb4000e47f8604da94637f4d8503f534a4c2b4e4ba89101d529cfc9ff92ca1dd55fde01d296a3bab8f14b7093b0769c4522bfccdb84a806697567de3b45bc0b9
SSDEEP: 6144:pjFRiOcXH6XWD0w1tizmtnktLJ6znvxNcCI+1jDIlnJ9+1aTEPTnOK4JKElDnU1:nRDc3yWDNU+YUznzNjElWaT07NQtDU1
Static task: static1
Behavioral task: behavioral1
Sample: virussign.com_2d75f233abb92d00194ea865063257e0.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: virussign.com_2d75f233abb92d00194ea865063257e0.exe
Resource: win10v2004-20240426-en
Malware Config
Targets
Target: virussign.com_2d75f233abb92d00194ea865063257e0.vir
Score: 10/10
- Modifies firewall policy service
- Adds policy Run key to start application
- Sets service image path in registry
- Adds Run key to start application
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (3)
- Create or Modify System Process (1)
  - Windows Service (1)
Privilege Escalation
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (3)
- Create or Modify System Process (1)
  - Windows Service (1)