Resubmissions

20-06-2024 15:53  240620-tbv3xszdlr  score 10

18-06-2024 15:24  240618-ss1jasyhre  score 10

General

  • Target: P.exe

  • Size: 27.9MB

  • Sample: 240618-ss1jasyhre

  • MD5: 5b3558cf8679391fbf4d2392323ca741

  • SHA1: 0a0fa7f2de6082923b590745c6b90ec8008ad729

  • SHA256: 547fc9e56ecd3e72430eefd14fc934ac1e25acc256f0e5ddd86ed5637dc096c3

  • SHA512: 7811b645b042ccb4a374840775931fdafdd271bf60ee70f8d0b355c823b7550202a854716e0c349efb3b669d98d1027df71acf4a9fc2d247b542be8b14c43972

  • SSDEEP: 393216:XmRzc5GLKoyCeXJ+Sxr4xONXW1mMYN+vlKhEh6zhWazOJ:MTLKoyCeXJ+Sxr4xONXWoM3qEE4ayJ

Malware Config

Targets

    • Target: P.exe (27.9MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)

    Signatures:

    • UAC bypass

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
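The three described behaviours (geofence lookup in the registry, netsh helper DLL registration behind the T1546.007 mapping, and enumeration of non-C: drive roots) can be re-checked on a Process Monitor CSV export of the sample. The script below is an added example, not the sandbox's own signature logic. It assumes the geofence read targets `HKCU\Control Panel\International\Geo\Nation` and that the netsh helper is registered under `HKLM\SOFTWARE\Microsoft\NetSh`; the event lines in `SAMPLE_CSV` are constructed for illustration, not captured from P.exe.

```python
"""Replay a Process Monitor CSV export and flag the behaviours listed in the
sandbox report. Added example; not the sandbox's detection code."""
import csv
import io
import re
from collections import defaultdict

# Assumed registry locations: Geo\Nation holds the configured country code
# (the value a geofence check would read); HKLM\SOFTWARE\Microsoft\NetSh maps
# helper names to DLLs that netsh.exe loads (persistence, T1546.007).
GEO_NATION_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
NETSH_HELPER_RE = re.compile(
    r"^HKLM\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\NetSh\\[^\\]+$", re.I)
# A bare drive root such as "D:" or "D:\" (anything deeper is not enumeration).
DRIVE_ROOT_RE = re.compile(r"^([A-Z]):\\?$", re.I)

# Constructed Procmon-style export using the default CSV column names.
SAMPLE_CSV = r"""
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"3:24:01.1","P.exe","4120","RegQueryValue","HKCU\Control Panel\International\Geo\Nation","SUCCESS","Type: REG_SZ, Length: 6, Data: 244"
"3:24:01.2","P.exe","4120","CreateFile","D:\","SUCCESS","Desired Access: Read Attributes"
"3:24:01.2","P.exe","4120","CreateFile","E:\","NAME NOT FOUND","Desired Access: Read Attributes"
"3:24:01.3","P.exe","4120","CreateFile","C:\Windows\System32\kernel32.dll","SUCCESS","Desired Access: Read Data"
"3:24:02.0","P.exe","4120","RegSetValue","HKLM\SOFTWARE\Microsoft\NetSh\helper","SUCCESS","Type: REG_SZ, Length: 64, Data: C:\Users\Public\helper.dll"
"3:24:02.5","explorer.exe","1888","RegQueryValue","HKCU\Control Panel\International\Geo\Nation","SUCCESS","Type: REG_SZ, Length: 6, Data: 244"
""".strip()

SIGNATURE_NAMES = {
    "geofence_lookup": "Checks computer location settings",
    "T1546.007_netsh_helper": "Netsh Helper DLL (T1546.007)",
    "drive_enumeration": "Enumerates connected drives",
}


def analyze(csv_text):
    """Return {process name: {behaviour: evidence}} for the three behaviours.

    Drive roots are collected per process and reported as a sorted list of
    drive letters; a failed CreateFile (NAME NOT FOUND) still counts, since the
    report describes an *attempt* to read the root path."""
    hits = defaultdict(lambda: defaultdict(list))
    drives_seen = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        proc, op, path = row["Process Name"], row["Operation"], row["Path"]
        if op == "RegQueryValue" and GEO_NATION_RE.search(path):
            hits[proc]["geofence_lookup"].append(path)
        elif op == "RegSetValue" and NETSH_HELPER_RE.match(path):
            hits[proc]["T1546.007_netsh_helper"].append(
                path + " -> " + row["Detail"])
        elif op == "CreateFile":
            m = DRIVE_ROOT_RE.match(path)
            if m and m.group(1).upper() != "C":
                drives_seen[proc].add(m.group(1).upper())
    for proc, drives in drives_seen.items():
        hits[proc]["drive_enumeration"] = sorted(drives)
    return {proc: dict(evidence) for proc, evidence in hits.items()}


def matched_signatures(hits, proc):
    """Map a process's behaviours back to the report's signature names."""
    evidence = hits.get(proc, {})
    return [name for key, name in SIGNATURE_NAMES.items() if key in evidence]


if __name__ == "__main__":
    results = analyze(SAMPLE_CSV)
    for proc in results:
        print(proc, "->", matched_signatures(results, proc))
        for behaviour, evidence in results[proc].items():
            print("   ", behaviour, evidence)
```

Note that explorer.exe also reads Geo\Nation in the constructed sample and so trips the location-settings signature by itself; on a real trace that read is common for legitimate processes, which is why the report's "likely a geofence check" wording is a hint to corroborate, not a verdict. The netsh helper write is the higher-value indicator: a DLL path under a user-writable directory registered as a helper is what gives the T1546.007 mapping its weight.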

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic                Technique                            Count  ID
Execution             Command and Scripting Interpreter    1      T1059
Persistence           Event Triggered Execution            1      T1546
                      Netsh Helper DLL                     1      T1546.007
Privilege Escalation  Abuse Elevation Control Mechanism    1      T1548
                      Bypass User Account Control          1      T1548.002
                      Event Triggered Execution            1      T1546
                      Netsh Helper DLL                     1      T1546.007
Defense Evasion       Abuse Elevation Control Mechanism    1      T1548
                      Bypass User Account Control          1      T1548.002
                      Impair Defenses                      1      T1562
                      Disable or Modify Tools              1      T1562.001
                      Modify Registry                      1      T1112
Discovery             Query Registry                       3      T1012
                      System Information Discovery         5      T1082
                      Peripheral Device Discovery          1      T1120

Tasks