General

  • Target

    c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef.exe

  • Size

    856KB

  • Sample

    240611-kgpcwszhrd

  • MD5

    733766ff5495f04d82744291993eb69e

  • SHA1

    2830778313fd7fccc6c8129d419b1757368078fd

  • SHA256

    c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef

  • SHA512

    cf3bf548e743894888ba3ea191a289f09d9f36215e1306aa21e61f0ea81473eec6df01a6e7f05f9251ecb9cc71c654934a53d4916c4152bf8fa4a95119e98cf2

  • SSDEEP

    12288:0zqKbHTadreUv6e2faqsW8lEsbjwepi8K2cE4b5wxH5/uek6JA6QfmpFiMtMv7u3:yPaFnCec8vj1p7pc5bQZ/uesmoqt7jF

Score
10/10

Targets

    • UPX dump on OEP (original entry point)

    • Sets DLL path for service in the registry

    • Sets service image path in registry

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
