General

  • Target

    c88dbfa8510ba03e204e2458434be95cb232f34a0b530a299ba6fdecd3c39820.exe

  • Size

    5.3MB

  • Sample

    240604-caq9xaaa56

  • MD5

    3974c5d0b92366bbc9af950c8d7f898d

  • SHA1

    1b141b9cced64d1b86cd9d3460062ee7ecd34357

  • SHA256

    c88dbfa8510ba03e204e2458434be95cb232f34a0b530a299ba6fdecd3c39820

  • SHA512

    6b786fcf6ad40c3f8007e55242db7794f640177f3394a49a3ac9dc3b6cf3588eefe8e3db8ed21d9fcc3962de50d48c6c28867ab92a7da324389e19b9642170fa

  • SSDEEP

    98304:6dabsLaGmmo105PwezFkinGRvGmWxsEI9KHkfK7JwzlHhvSasMwpHNr:6E1m1iiEuf9WN6Qm5

Malware Config

Targets

    • Modifies security service

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Creates new service(s)

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Stops running service(s)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks