General

  • Target

    e8cc1a2f86268b8b222141773e3f6da845d207bc166ad287e0205936720b49b5

  • Size

    1.4MB

  • Sample

    240614-f54p9swgnh

  • MD5

    db809416e6e1bbf5d80e79076d20603c

  • SHA1

    e986701c95efa9a220498ea1f3645748f8fdb3d8

  • SHA256

    e8cc1a2f86268b8b222141773e3f6da845d207bc166ad287e0205936720b49b5

  • SHA512

    57f657274937588865c78fe3d88813fecb5508c047a2167bad02e4487a8bf707102d61e6fa9f4f652a82de40dd6dd471f37d0270d1fff2f29d62c328975778fe

  • SSDEEP

    6144:O1wCafZnZZVrKuaFusNoBFqkvqUPT35sle3oU4/zm0CaphZKkEeAz8exqO/JAC:kAZnZZF5agsxkvqolsle3UCo1UJ

Score
10/10

Malware Config

Targets

    • Target

      e8cc1a2f86268b8b222141773e3f6da845d207bc166ad287e0205936720b49b5

    • Size

      1.4MB

    • MD5

      db809416e6e1bbf5d80e79076d20603c

    • SHA1

      e986701c95efa9a220498ea1f3645748f8fdb3d8

    • SHA256

      e8cc1a2f86268b8b222141773e3f6da845d207bc166ad287e0205936720b49b5

    • SHA512

      57f657274937588865c78fe3d88813fecb5508c047a2167bad02e4487a8bf707102d61e6fa9f4f652a82de40dd6dd471f37d0270d1fff2f29d62c328975778fe

    • SSDEEP

      6144:O1wCafZnZZVrKuaFusNoBFqkvqUPT35sle3oU4/zm0CaphZKkEeAz8exqO/JAC:kAZnZZF5agsxkvqolsle3UCo1UJ

    Score
    10/10
    • Modifies WinLogon for persistence

    • Modifies visibility of file extensions in Explorer

    • Modifies visiblity of hidden/system files in Explorer

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Disables cmd.exe use via registry modification

    • Disables use of System Restore points

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Modifies WinLogon

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks