General

  • Target

    backdoorppt-1.5.zip

  • Size

    3.1MB

  • Sample

    240612-ra312a1ekn

  • MD5

    2918025cec189ab81b8e5a0de0ef23ac

  • SHA1

    c670bb180c5e321e48ebcac7f9b46e5441bef3eb

  • SHA256

    d2677e459729ff7027760e712ed6e3bc6c066c91b253eef419bbbe65956effa7

  • SHA512

    97c757b1a6acb661c63945f8551ddec114123a21afec2c88602a13fa0e9dad54ce5645f30ecf84f5402b4caa8b8ab968ae276a1e81dd89fea82c125c1668366c

  • SSDEEP

    98304:MOc58kgI5NIlwEfnK1uCwqNnPLHn8X3blBWF1M3u:MOcDgI5NQwaPCwLbl0F13

Targets

    • Target

      backdoorppt-1.5/backdoorppt.sh

    • Size

      6KB

    • MD5

      bb1ecba96eecdd33a699baae87493461

    • SHA1

      d26c29453d7ad26d4d76ad670f3fa9677c0d6afa

    • SHA256

      3b1c52c781a608b1d109ff752a5a85a908e9cc66945187bfe96ab2d963550063

    • SHA512

      c6881235c28b09f3d5ff5b6699104ba8b055de60ca963ad1e85571093e03959b3618286194cadf2f2ad9eb91f156d26e4b19417cf9c1084f24f10e593999d993

    • SSDEEP

      96:q7dh9vNt8bFC5PSiWEhpgL9XI5Yg8CbDV8JWKb9gFtzPvHyRt2OeLEgGeL74aqjp:oUImotH6t9gFNvHykLrBL79xcnbp

    • Score

      1/10

    • Target

      backdoorppt-1.5/bin/reshacker_setup.exe

    • Size

      2.8MB

    • MD5

      78d293bea40e7e159728eecfa86ec085

    • SHA1

      34a3755fc7aaa65c9658805548a089b43c283940

    • SHA256

      32d9aa920d4d97e799fbb630f9bbc4597b52281692175688b6a582501eb0a683

    • SHA512

      1b9e02e213615a5460025ce85caea11cc86f9eeb6312e9f4efd6721fa330baa10e9f1c1c50c1331db869491f95e5c7442b2eb0b5c313a7c7e8c799f2a64d8ef7

    • SSDEEP

      49152:z75dymiIQzxc0lkwPgusmOuRxPDo1aShQDqdoEaANz+j3KukuTn9fy9QbFFH192P:X5oP2MguLPqxCW7N6j6ukuTnBbbV8jHT

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
