General

  • Target

    main.exe

  • Size

    7.4MB

  • Sample

    240620-qkyzdstenl

  • MD5

    4c99136b1b2a5e5ea2e5d7cefa7063f1

  • SHA1

    83ecb5c21c76d83ef114374ef5ac720c7b35c4e1

  • SHA256

    e2c834727a9c55b9c3150d7bb5109d32c05dedb27aa11ce2a051d85c199693ba

  • SHA512

    1c0ba613548cf25e867a9034474e92987e58cc856f1b4a89c7d25a3f49626533606c913c80a8ba01e29fc78d81e516b5febbafd6251863e5e801cef336e8a641

  • SSDEEP

    98304:Ha+8PWQRDljhUsdDwG1eFsr7/zPlcGxH0Ig17E3AAy5tx5bSpXqgD/SwvzJT1aOf:Ha++Z6YDwGcsztcGfcY3gtTSESd1Zc

Targets

    • Drops file in Drivers directory

    • Manipulates Digital Signatures

      Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

    • Boot or Logon Autostart Execution: Print Processors

      Adversaries may abuse print processors to run malicious DLLs during system boot for persistence and/or privilege escalation.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Drops desktop.ini file(s)

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

    • Modifies termsrv.dll

      Commonly used to allow simultaneous RDP sessions.
