General

  • Target

    KhnKFqz1mt6baV34eaVEfttTAaNwhiftQM4l.png

  • Size

    22KB

  • Sample

    240604-axhj6seh7v

  • MD5

    f863353331d71fbe761c1e2758fd04fd

  • SHA1

    a3ebd26f25bce8caef1ed5edb77b6c74ca57101e

  • SHA256

    06cfaf6db18dc771749a663dd42ebfc88c35903f1a09297986d0b0fef679f815

  • SHA512

    5cb840b81c385651805a87a6b3b7e624522147c7a1d834cbda537913df3cd0e7b431a12b314479264ba82f1bda8524f2b7097bb499c43f50e175b8069d9162df

  • SSDEEP

    384:kBOj2T5f/5tO22NCH9svsJ6kNIK4XJ3LB5U/lHF9+IdTTmrE4Nt3Hog4aYhw5l7a:b8FN2wH2vsFrsvor97TeE4T4j1hwf0tT

Targets

    • Downloads MZ/PE file

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Legitimate hosting services abused for malware hosting/C2

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory
