Resubmissions

2024-06-07 19:53  240607-yl3b7sde56  8

2024-06-07 19:50  240607-ykgdcace4x  4

2024-06-07 19:49  240607-yj29esde32  1

General

  • Target

    Picture.psd

  • Size

    275KB

  • Sample

    240607-yl3b7sde56

  • MD5

    51d05bdf927d6db9b8955a0f0884a157

  • SHA1

    851e1197cca9b39275bd29bb24da1a606e894c5d

  • SHA256

    fcb63ed3223083b3f1d6830ad56204e47d2394fca667cd21125b744c05f6e3e8

  • SHA512

    80d60f5aaee5606f427983b77d6b315141d938f3a9e231ac83eaa6274992ed3815a8ee79186655a09278327a9d7abc0353f60215f0f367d8778ad8fe3d6a29fc

  • SSDEEP

    3072:ewz/rtm3CEcBqzzyv+KSKT5UoPUrN9GRi79:eZ3cBwzAKKyociRM9

Targets

    • Target

      Picture.psd

    • Size

      275KB

    • Downloads MZ/PE file

    • Modifies Installed Components in the registry

    • Modifies RDP port number used by Windows

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Registers COM server for autorun

    • UPX packed file

      Detects executables packed with the open-source UPX packer or with a modified UPX build.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Sets desktop wallpaper using registry
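
Most of the signatures above are registry-side effects (RDP port, exefile association, Active Setup Installed Components, wallpaper, COM server registration). The following is an added example, not Triage's own signature code: a small classifier that maps logged registry writes to those signature names, run over a constructed set of writes that imitates what a sandbox would record. The key paths for RDP, exefile, Active Setup and wallpaper are the standard Windows locations; the CLSID\InprocServer32 rule for "Registers COM server for autorun" is an assumption about what the signature keys on, since the page does not state Triage's criteria.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

DEFAULT_RDP_PORT = 3389
DEFAULT_EXE_COMMAND = '"%1" %*'   # stock default value of HKCR\exefile\shell\open\command

HIVE_ALIASES = {
    "hkey_local_machine": "hklm", "hkey_current_user": "hkcu",
    "hkey_classes_root": "hkcr", "hkey_users": "hku",
}


@dataclass(frozen=True)
class RegWrite:
    key: str    # hive-qualified key path
    value: str  # value name; "" is the key's default value
    data: str   # data rendered as text (DWORDs in decimal or 0x-hex)


def norm_key(key: str) -> str:
    """Lower-case the path and collapse long hive names to their short forms."""
    hive, _, rest = key.strip().strip("\\").lower().partition("\\")
    return HIVE_ALIASES.get(hive, hive) + "\\" + rest


def as_int(text: str) -> Optional[int]:
    """Parse decimal or 0x-prefixed data; None if it is not a number."""
    try:
        return int(text.strip(), 0)
    except ValueError:
        return None


def classify(w: RegWrite) -> Optional[str]:
    """Return the signature name a single write would trip, or None."""
    k, v = norm_key(w.key), w.value.lower()
    if k.endswith("\\terminal server\\winstations\\rdp-tcp") and v == "portnumber":
        # Non-numeric data is treated as a change too; only the stock port is benign.
        return None if as_int(w.data) == DEFAULT_RDP_PORT else "Modifies RDP port number used by Windows"
    if k.endswith("\\exefile\\shell\\open\\command") and v == "":
        return None if w.data.strip().lower() == DEFAULT_EXE_COMMAND else "Modifies system executable filetype association"
    if "\\active setup\\installed components\\" in k and v == "stubpath":
        return "Modifies Installed Components in the registry"
    if k.endswith("\\control panel\\desktop") and v == "wallpaper":
        return "Sets desktop wallpaper using registry"
    # Assumption: COM autorun is keyed on a CLSID InprocServer32 default value
    # (classic COM hijack); the report page does not state Triage's exact criteria.
    if re.search(r"\\clsid\\\{[0-9a-f-]{36}\}\\inprocserver32$", k) and v == "":
        return "Registers COM server for autorun"
    return None


def triage(writes: List[RegWrite]) -> List[str]:
    """Distinct signature names tripped by a sequence of writes, sorted."""
    return sorted({s for s in map(classify, writes) if s})


# Constructed sample of sandbox-logged registry writes (not taken from the report above).
SAMPLE_WRITES = [
    RegWrite(r"HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp", "PortNumber", "0x1B58"),
    RegWrite(r"HKEY_CLASSES_ROOT\exefile\shell\open\command", "", r'"C:\Users\Public\loader.exe" "%1" %*'),
    RegWrite(r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-000000000001}",
             "StubPath", r"C:\Users\Public\loader.exe"),
    RegWrite(r"HKCU\Control Panel\Desktop", "Wallpaper", r"C:\Users\Public\note.bmp"),
    RegWrite(r"HKCU\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000002}\InprocServer32", "", r"C:\Users\Public\srv.dll"),
    RegWrite(r"HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp", "PortNumber", "3389"),  # benign: default port
    RegWrite(r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer", "ShellState", "0"),  # unrelated noise
]

if __name__ == "__main__":
    for name in triage(SAMPLE_WRITES):
        print(name)
```

The RDP rule compares the written port against 3389 rather than flagging every write, so a benign re-write of the default does not fire; the exefile rule does the same against the stock `"%1" %*` command. Hive names are normalised because sandboxes and `reg export` output disagree on whether to abbreviate them.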

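The "UPX packed file" signature is a static check. As an added example (not Triage's detector, and independent of the sample on this page), the following parses the PE section table and looks for the two things stock UPX leaves behind: section names starting with UPX and the "UPX!" magic in its packer header. The `build_min_pe` helper constructs header-only test input for the parser; it is not a runnable executable. A modified UPX build can rename the sections and strip the magic, so a negative result is not proof that a binary is unpacked.

```python
import struct
from typing import Dict, List


def pe_section_names(data: bytes) -> List[str]:
    """Return the section names of a PE image; raise ValueError if it is not one."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    if len(data) < e_lfanew + 24:
        raise ValueError("truncated COFF header")
    # COFF header: Machine(2) NumberOfSections(2) TimeDateStamp(4)
    # PointerToSymbolTable(4) NumberOfSymbols(4) SizeOfOptionalHeader(2) Characteristics(2)
    n_sections, opt_size = struct.unpack_from("<xxH12xH", data, e_lfanew + 4)
    table = e_lfanew + 4 + 20 + opt_size      # section table follows the optional header
    names = []
    for i in range(n_sections):
        raw = data[table + 40 * i: table + 40 * i + 8]   # 40-byte entry, 8-byte name
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def upx_indicators(data: bytes) -> Dict[str, object]:
    """Collect the UPX artefacts found in a PE image."""
    names = pe_section_names(data)
    return {
        "sections": names,
        "upx_section_names": [n for n in names if n.upper().startswith("UPX")],
        "upx_magic": b"UPX!" in data,   # magic of the stock UPX packer header
    }


def looks_upx_packed(data: bytes) -> bool:
    """True if either UPX artefact is present."""
    ind = upx_indicators(data)
    return bool(ind["upx_section_names"]) or bool(ind["upx_magic"])


def build_min_pe(section_names: List[str], trailer: bytes = b"") -> bytes:
    """Constructed test input: DOS header, PE signature, COFF header with
    SizeOfOptionalHeader=0, then one 40-byte section entry per name."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    sections = b"".join(n.encode("ascii").ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + sections + trailer


if __name__ == "__main__":
    for label, names, trailer in [("stock upx", ["UPX0", "UPX1", ".rsrc"], b""),
                                  ("clean", [".text", ".rdata", ".data"], b""),
                                  ("renamed sections", [".text", ".data"], b"UPX!")]:
        print(label, upx_indicators(build_min_pe(names, trailer)))
```

To run it against a real sample, pass the file contents to `upx_indicators`; the parser reads `SizeOfOptionalHeader` from the COFF header, so it handles 32- and 64-bit images alike. The section-name and magic checks are kept separate in the returned dictionary so a result can be explained, not just scored.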