Resubmissions

  • 16-06-2024 00:37  240616-ayjhvs1hmh  8

  • 14-06-2024 16:58  240614-vgwr3ssgkn  8

  • 14-06-2024 16:57  240614-vggm6ayfrd  8

  • 12-06-2024 16:08  240612-tlcpbs1crg  8

General

  • Target

    c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef.exe

  • Size

    856KB

  • Sample

    240612-tlcpbs1crg

  • MD5

    733766ff5495f04d82744291993eb69e

  • SHA1

    2830778313fd7fccc6c8129d419b1757368078fd

  • SHA256

    c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef

  • SHA512

    cf3bf548e743894888ba3ea191a289f09d9f36215e1306aa21e61f0ea81473eec6df01a6e7f05f9251ecb9cc71c654934a53d4916c4152bf8fa4a95119e98cf2

  • SSDEEP

    12288:0zqKbHTadreUv6e2faqsW8lEsbjwepi8K2cE4b5wxH5/uek6JA6QfmpFiMtMv7u3:yPaFnCec8vj1p7pc5bQZ/uesmoqt7jF

Malware Config

Targets

    • Sets DLL path for service in the registry

    • Sets service image path in registry

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                Technique                            ID         Count
  --------------------  -----------------------------------  ---------  -----
  Persistence           Boot or Logon Autostart Execution    T1547      2
  Persistence           Registry Run Keys / Startup Folder   T1547.001  2
  Persistence           Pre-OS Boot                          T1542      1
  Persistence           Bootkit                              T1542.003  1
  Privilege Escalation  Boot or Logon Autostart Execution    T1547      2
  Privilege Escalation  Registry Run Keys / Startup Folder   T1547.001  2
  Defense Evasion       Modify Registry                      T1112      3
  Defense Evasion       Pre-OS Boot                          T1542      1
  Defense Evasion       Bootkit                              T1542.003  1
  Discovery             System Information Discovery         T1082      3
  Discovery             Query Registry                       T1012      2
  Command and Control   Web Service                          T1102      1

Tasks