General
-
Target
installer2.exe
-
Size
16.2MB
-
Sample
240614-ypds1sxdpr
-
MD5
5aece647826a6f39a8bb8b17cd4186d6
-
SHA1
446ba99bb2ca06fed22c0019a5e8671e7e3f1e62
-
SHA256
aa212361c56bc3c307df12dd1ef574bb21c03f28a3cacc94a5a683d217b27ebc
-
SHA512
3997bf2eed4ebd50d7ba558bfd0c54222b53e6f1776e1499edc77de4ee8075bb0b712fde9a9a4c287f964bb86fcc3bd99f78e3012d2c7870b38810821939e9f4
-
SSDEEP
393216:A/53AXVAd5y2XjI4j10HlDR4K55RUGOtdMPFSeUP:GqUy+j1a9yPkFvU
Malware Config
Targets
-
-
Target
installer2.exe
-
Size
16.2MB
-
MD5
5aece647826a6f39a8bb8b17cd4186d6
-
SHA1
446ba99bb2ca06fed22c0019a5e8671e7e3f1e62
-
SHA256
aa212361c56bc3c307df12dd1ef574bb21c03f28a3cacc94a5a683d217b27ebc
-
SHA512
3997bf2eed4ebd50d7ba558bfd0c54222b53e6f1776e1499edc77de4ee8075bb0b712fde9a9a4c287f964bb86fcc3bd99f78e3012d2c7870b38810821939e9f4
-
SSDEEP
393216:A/53AXVAd5y2XjI4j10HlDR4K55RUGOtdMPFSeUP:GqUy+j1a9yPkFvU
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Creates new service(s)
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Stops running service(s)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1System Services
2Service Execution
2Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2