General

  • Target

    RingHeads32.exe

  • Size

    923KB

  • Sample

    240612-xe35gszbkk

  • MD5

    c315d67e3a5e1b94282d9b2d3cce4c6e

  • SHA1

    9865f979105974e4205f6ec9739bcfc617306d07

  • SHA256

    09cb6de2e6ee8194c8abfa418bebbe7c4782d9bccb5b21afbadff33abfe6f198

  • SHA512

    98c3d130f185a18d6ec20b72d256ae9215bcd06a08292b86b3d15a42bdbcdd8e3b7cb39c864a55bc69904af7d186611b8cb3662a7f29a39b52e9de9d1a77d9ce

  • SSDEEP

    24576:EmX4Ppi2YGrp0Fhq37W3fkdZTELc9TQziGpfYZus6cjCuk0Y43c757:EmX4PpiN8qg3CfoZ2c1CiGaUcjvk0Yp9
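The digests above are what you re-compute to confirm you are holding the same file the sandbox analysed, and the "UPX packed file" signature the report raises further down is something worth checking statically before detonation. The script below is an added example, not part of the sandbox report: it computes the four digests the report lists (SSDEEP needs the separate ssdeep library and is skipped) and walks a PE's section table for the markers stock UPX leaves behind. `build_fake_pe()` is a constructed fixture that emits a minimal, non-executable PE32 image so the check can run offline; it is not the RingHeads32.exe sample.

```python
"""Static triage of a PE sample: report-style hashes and a UPX packing check.

Added example; not part of the sandbox report.  build_fake_pe() produces a
constructed, non-executable PE image so the check can run offline; it is a
test fixture, not the RingHeads32.exe sample."""
import hashlib
import struct


def file_hashes(data: bytes) -> dict:
    """The four digests the report lists (SSDEEP needs the ssdeep library)."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def pe_sections(data: bytes) -> list:
    """Walk the section table; return (name, VirtualSize, SizeOfRawData, Characteristics)."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                        # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size               # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(num_sections):
        off = table + i * 40
        name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, _vaddr, rsize = struct.unpack_from("<III", data, off + 8)
        chars = struct.unpack_from("<I", data, off + 36)[0]
        sections.append((name, vsize, rsize, chars))
    return sections


def upx_verdict(data: bytes) -> str:
    """'upx' on the stock markers, 'possible-modified-upx' on the layout stock
    UPX leaves behind even after renaming, 'none' otherwise."""
    secs = pe_sections(data)
    names = [s[0].upper() for s in secs]
    if any(n.startswith("UPX") for n in names) or b"UPX!" in data:
        return "upx"
    # Modified UPX builds rename the sections and strip the "UPX!" tag, but the
    # layout stays: the first section is empty on disk (SizeOfRawData == 0) with
    # a large VirtualSize, because the stub decompresses into it at run time.
    # A .bss section looks the same, so this is a lead, not a verdict.
    if secs and secs[0][2] == 0 and secs[0][1] > 0:
        return "possible-modified-upx"
    return "none"


def build_fake_pe(section_names, first_raw_size=0x1000, marker=b"") -> bytes:
    """Constructed minimal PE32 (headers + section table only; not runnable)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)    # e_lfanew -> PE signature at 0x40
    opt_size = 224                             # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    opt = b"\x0b\x01" + bytes(opt_size - 2)    # Magic = PE32, rest zeroed
    table = b""
    for i, name in enumerate(section_names):
        rsize = first_raw_size if i == 0 else 0x1000
        table += struct.pack("<8sIIIIIIHHI", name.encode("ascii").ljust(8, b"\0"),
                             0x10000, 0x1000 * (i + 1), rsize, 0x400, 0, 0, 0, 0,
                             0xE0000020)       # CODE | EXECUTE | READ | WRITE
    return bytes(dos) + b"PE\0\0" + coff + opt + table + marker


if __name__ == "__main__":
    packed = build_fake_pe(["UPX0", "UPX1", ".rsrc"], first_raw_size=0, marker=b"UPX!")
    print(upx_verdict(packed), [s[0] for s in pe_sections(packed)])
    print(file_hashes(packed)["sha256"])
```

On a real file, read it with `open(path, "rb").read()` and compare `file_hashes()` against the report before doing anything else; a hash mismatch means you are not looking at the analysed sample. Treat `possible-modified-upx` as a prompt to look at section entropy and the entry point, not as a conclusion.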

Malware Config

Targets

    • Target

      RingHeads32.exe

    • Size

      923KB

    • MD5

      c315d67e3a5e1b94282d9b2d3cce4c6e

    • SHA1

      9865f979105974e4205f6ec9739bcfc617306d07

    • SHA256

      09cb6de2e6ee8194c8abfa418bebbe7c4782d9bccb5b21afbadff33abfe6f198

    • SHA512

      98c3d130f185a18d6ec20b72d256ae9215bcd06a08292b86b3d15a42bdbcdd8e3b7cb39c864a55bc69904af7d186611b8cb3662a7f29a39b52e9de9d1a77d9ce

    • SSDEEP

      24576:EmX4Ppi2YGrp0Fhq37W3fkdZTELc9TQziGpfYZus6cjCuk0Y43c757:EmX4PpiN8qg3CfoZ2c1CiGaUcjvk0Yp9

    • UAC bypass

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Disables Task Manager via registry modification

    • Stops running service(s)

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Sets desktop wallpaper using registry
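The signatures above are the sandbox's verdicts; on an endpoint you would want the same behaviours as detection rules over process and registry telemetry. The block below is an added example, not part of the report: it runs simple rules for the hidden-window PowerShell launch, the service stop, the DisableTaskMgr policy value and the wallpaper change over constructed Sysmon-style events (Event ID 1 process create, Event ID 13 registry value set, reduced to a few fields). The event dictionaries, user paths and service name are invented for the example, and the MITRE technique IDs are the standard mappings for those behaviours. The report does not say which UAC bypass the sample uses, so no rule is written for that signature.

```python
"""Detection rules for the behaviours the sandbox flagged, run over constructed
Sysmon-style events.  Added example; not part of the report.  Each dict is a
reduced stand-in for Sysmon Event ID 1 (process create) or 13 (registry value
set); the 'victim' paths and the service name are invented."""
import re

# Constructed telemetry, not captured from the sample.
SAMPLE_EVENTS = [
    {"id": 1, "image": r"C:\Users\victim\Desktop\RingHeads32.exe",
     "parent": r"C:\Windows\explorer.exe",
     "cmdline": r'"C:\Users\victim\Desktop\RingHeads32.exe"'},
    {"id": 1, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": r"C:\Users\victim\Desktop\RingHeads32.exe",
     "cmdline": 'powershell.exe -w hidden -ep bypass -c "Stop-Service -Name wuauserv -Force"'},
    {"id": 13, "image": r"C:\Users\victim\Desktop\RingHeads32.exe",
     "target": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",
     "details": "DWORD (0x00000001)"},
    {"id": 13, "image": r"C:\Users\victim\Desktop\RingHeads32.exe",
     "target": r"HKU\S-1-5-21-1\Control Panel\Desktop\Wallpaper",
     "details": r"C:\Users\victim\AppData\Local\Temp\wall.bmp"},
    {"id": 13, "image": r"C:\Windows\explorer.exe",   # benign: user picked a wallpaper
     "target": r"HKU\S-1-5-21-1\Control Panel\Desktop\Wallpaper",
     "details": r"C:\Windows\Web\Wallpaper\Windows\img0.jpg"},
]

# powershell.exe accepts unique prefixes of -WindowStyle and of Hidden, and the
# numeric form 1; the character classes approximate that prefix matching (they
# also accept jumbled spellings PowerShell would reject, which is harmless here).
HIDDEN_WINDOW = re.compile(r"(?<!\S)-w[indowstyle]*\s+(?:h[idden]*|1)(?!\S)", re.I)
STOP_SERVICE = re.compile(r"\bStop-Service\b|(?<!\S)(?:sc|net)(?:\.exe)?\s+stop\b", re.I)
# Processes that legitimately write the Wallpaper value; tune per environment.
LEGIT_WALLPAPER_SETTERS = {"explorer.exe", "systemsettings.exe"}


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def registry_dword(details: str):
    """Sysmon renders DWORD values as 'DWORD (0x00000001)'; return the int or None."""
    m = re.search(r"0x([0-9a-f]+)", details, re.I)
    return int(m.group(1), 16) if m else None


def detect(events) -> list:
    """Return (technique_id, description, evidence) tuples for matching events."""
    hits = []
    for ev in events:
        img = basename(ev["image"])
        if ev["id"] == 1:
            if img in ("powershell.exe", "pwsh.exe") and HIDDEN_WINDOW.search(ev["cmdline"]):
                hits.append(("T1059.001", "PowerShell launched with hidden window", ev["cmdline"]))
            if STOP_SERVICE.search(ev["cmdline"]):
                hits.append(("T1489", "service stop from command line", ev["cmdline"]))
        elif ev["id"] == 13:
            target = ev["target"].lower()
            if target.endswith(r"\policies\system\disabletaskmgr") and registry_dword(ev["details"]):
                hits.append(("T1112", "Task Manager disabled via policy value", ev["target"]))
            if (target.endswith(r"\control panel\desktop\wallpaper")
                    and img not in LEGIT_WALLPAPER_SETTERS):
                hits.append(("T1491.001", "wallpaper set by non-shell process", ev["image"]))
    return hits


if __name__ == "__main__":
    for tid, desc, evidence in detect(SAMPLE_EVENTS):
        print(f"{tid:10} {desc}: {evidence}")
```

Two caveats when moving this onto real telemetry: Sysmon only emits Event ID 13 for keys your configuration includes, so `Policies\System` and `Control Panel\Desktop` have to be in the RegistryEvent rules or the registry signatures never fire; and the wallpaper rule keys on the writing process rather than the value, because the value itself (a path to an image) is not distinctive.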

MITRE ATT&CK Enterprise v15

Tasks