General

  • Target

    TCAIME.CAB

  • Size

    643KB

  • Sample

    240622-t69jssygpm

  • MD5

    77b2973581ffb6ea43c032c34dab9b51

  • SHA1

    adc72d5e7144dac487f810653fc15052cc5a8c30

  • SHA256

    3e9bda88ae12f425c3f74d59afee6725a5e14649d1b67baff6151b257c87a27d

  • SHA512

    b856b85a859bdc230c910fa9a0c96c085315a6ca2f804b2424b650c7221a860073d59cf8d105103ab8d371e14da88c65848e09b19c0474f7e1a6301a6610dcc9

  • SSDEEP

    12288:qZauQIPrmfCusGfALijB7gD2LC7oYDze3HIcVfn7DhNyK:qkjeLUdmne3lVffhwK

Malware Config

Targets

    • Target

      advpack.dll

    • Size

      73KB

    • MD5

      81e5c8596a7e4e98117f5c5143293020

    • SHA1

      45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081

    • SHA256

      7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004

    • SHA512

      05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6

    • SSDEEP

      1536:3TlRSuxQYyqUB9XzWqxGHVcIIX5ZDBZGscEvWlExtJl966CX6q0uE:FfUB9XamGHpw5ZDXXPOixtJz3CX6qQ

    • Modifies security service

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Detected potential entity reuse from brand microsoft.

MITRE ATT&CK Matrix ATT&CK v13

  • Persistence

    Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1

  • Privilege Escalation

    Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1

  • Defense Evasion

    Modify Registry (T1112): 2

  • Discovery

    System Information Discovery (T1082): 3
    Query Registry (T1012): 2

Tasks