General

  • Target: error.7z
  • Size: 2.7MB
  • Sample: 240612-vdbmqswcln
  • MD5: eb5d98b4eec52807b34a284ce97cf4c2
  • SHA1: 4f244c9563b847ef5a861ca8e226f60f18b060c2
  • SHA256: 3699c0c3fb15277d1676e273fad74844ba09590610472d5f3d34ff0ae826f50b
  • SHA512: b25d881071438285340e3130d380de89754b8d33fd58101ccf7fe9296c3280a5e0e34c0c1e2a7bfc9d40600063829b40b11b0c3a4e8205ca63f72c1ba537fa2e
  • SSDEEP: 49152:ix6hHxmYEWIJx6hHxmYEWI6Bk4GFY4reBd9JbD4gk8:XhHxvX7hHxvXLGdGN/4B8

Malware Config

Targets

    • Target: error.7z
    • Size: 2.7MB
    • MD5: eb5d98b4eec52807b34a284ce97cf4c2
    • SHA1: 4f244c9563b847ef5a861ca8e226f60f18b060c2
    • SHA256: 3699c0c3fb15277d1676e273fad74844ba09590610472d5f3d34ff0ae826f50b
    • SHA512: b25d881071438285340e3130d380de89754b8d33fd58101ccf7fe9296c3280a5e0e34c0c1e2a7bfc9d40600063829b40b11b0c3a4e8205ca63f72c1ba537fa2e
    • SSDEEP: 49152:ix6hHxmYEWIJx6hHxmYEWI6Bk4GFY4reBd9JbD4gk8:XhHxvX7hHxvXLGdGN/4B8

    Score: 1/10
    • Target: error.exe
    • Size: 913KB
    • MD5: b13c084d58511e62f275496c1a163274
    • SHA1: 05bf7c48622084d1a139bada82dbefefcca9450e
    • SHA256: 7f2ceba84512f035ac66322243f8ed0877df85e156c79fb778532420f1b1701a
    • SHA512: 6bfb79646fbd97ee7927d0e8f522b1675b7a262b5da4f7239e0a6f5e5a51ba3ec73df56dd99f35a27f888ba042232a3bc1618efa9a230d4928d7661f04c17004
    • SSDEEP: 12288:UyXEcoNs7qWoRpDVx7Xnqx83qGS+XoThDmQd79sgATBqhC7rsi8jtsf8rQNcqzql:baee5JtnQhZDP9ANqhpiw2cqc

    Signatures:
    • UAC bypass
    • Command and Scripting Interpreter: PowerShell
      Runs PowerShell with a hidden display window.
    • Disables Task Manager via registry modification
    • Stops running service(s)
    • Executes dropped EXE
    • UPX packed file
      Detects executables packed with UPX or a modified UPX open-source packer.
    • Drops file in System32 directory
    • Sets desktop wallpaper using registry

    • Target: error.ico
    • Size: 4KB
    • MD5: 451508060edfe13eea3429e29c069732
    • SHA1: ecb14050d7b890dd3a7e0478ef64eeaac1436dc7
    • SHA256: bf8da7264c96e1260d17174232ed702f222dc8a750a1f52ea4377c3d77b80197
    • SHA512: 0db02a3879dbed34fb07348edb31ad8e74621cfcdca849c691194804b26285259647d3ac2cf43d987c95e10a32cfc49addd798bc75a61301582a69f45d241448
    • SSDEEP: 96:1SLdoDJMbJlhIIrY0hCTAWHwR4Baj0mdKY2uZi3YAbknwHste6rzMhN:1SLdgcl+OYwWfHwhjdDWYACte6rz4

    Score: 3/10
    • Target: my malwares/error.exe
    • Size: 913KB
    • MD5: b13c084d58511e62f275496c1a163274
    • SHA1: 05bf7c48622084d1a139bada82dbefefcca9450e
    • SHA256: 7f2ceba84512f035ac66322243f8ed0877df85e156c79fb778532420f1b1701a
    • SHA512: 6bfb79646fbd97ee7927d0e8f522b1675b7a262b5da4f7239e0a6f5e5a51ba3ec73df56dd99f35a27f888ba042232a3bc1618efa9a230d4928d7661f04c17004
    • SSDEEP: 12288:UyXEcoNs7qWoRpDVx7Xnqx83qGS+XoThDmQd79sgATBqhC7rsi8jtsf8rQNcqzql:baee5JtnQhZDP9ANqhpiw2cqc

    Signatures:
    • UAC bypass
    • Command and Scripting Interpreter: PowerShell
      Runs PowerShell with a hidden display window.
    • Disables Task Manager via registry modification
    • Stops running service(s)
    • Executes dropped EXE
    • UPX packed file
      Detects executables packed with UPX or a modified UPX open-source packer.
    • Drops file in System32 directory
    • Sets desktop wallpaper using registry

    • Target: my malwares/error.ico
    • Size: 4KB
    • MD5: 451508060edfe13eea3429e29c069732
    • SHA1: ecb14050d7b890dd3a7e0478ef64eeaac1436dc7
    • SHA256: bf8da7264c96e1260d17174232ed702f222dc8a750a1f52ea4377c3d77b80197
    • SHA512: 0db02a3879dbed34fb07348edb31ad8e74621cfcdca849c691194804b26285259647d3ac2cf43d987c95e10a32cfc49addd798bc75a61301582a69f45d241448
    • SSDEEP: 96:1SLdoDJMbJlhIIrY0hCTAWHwR4Baj0mdKY2uZi3YAbknwHste6rzMhN:1SLdgcl+OYwWfHwhjdDWYACte6rz4

    Score: 1/10
    • Target: my malwares/money.exe
    • Size: 974KB
    • MD5: a7fa97439070aa5a504f003fba95d819
    • SHA1: 4ffb89b03f8101b23bd90401fe74f12eb2418b78
    • SHA256: ba50f91341bbfda18f5afcc332462ef8e4f99e7dadfad8ea4edd5ee6595f1ab5
    • SHA512: b07383279fa27225df23a9e44acf55fec18946fa44f1064fc0eed43ebf8a741565f23ad28f1da3c508de6e25ffa12218f0971cb8104ef7016beab64d89281cb7
    • SSDEEP: 24576:MaU+FkESyjCx5xQbjm2K/ABdX/8ydHTDWg:MKFkE25KOdIBdX/XDWg

    Signatures:
    • UAC bypass
    • Command and Scripting Interpreter: PowerShell
      Runs PowerShell with a hidden display window.
    • Disables Task Manager via registry modification
    • Stops running service(s)
    • Executes dropped EXE
    • UPX packed file
      Detects executables packed with UPX or a modified UPX open-source packer.
    • Drops file in System32 directory
    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15