General
-
Target
580Utils.EXE.zip
-
Size
11.7MB
-
Sample
240627-bm61fsxekn
-
MD5
83d0a53ce80a861ab482c261da4db34e
-
SHA1
68e2ab66e61ae534fec26c684c3ac2aa47600da7
-
SHA256
29c7638c77236dd9d0395205063048f1655bf60e60d8e0ae23d6ac6f00f914bc
-
SHA512
bbeb62ea839691869bc1b1d4b83513e9262252426a2b62d6f68003e5f0a10314f6c8e3db743f109730f6e87625f5b81fff0e7f0c457efbd5d44eb0ce1bcbe16b
-
SSDEEP
196608:5KqoidqP7hG6aeWILO7E5qQKQmOEqbV3JQ67+ZjJ23zgs50PNbgmJnO8z54GQZ5e:8+qP7FKIz5nxz3eZJ23zgswambzON6fb
Static task
static1
Behavioral task
behavioral1
Sample
580Utils.EXE.exe
Resource
win11-20240508-en
Malware Config
Targets
-
-
Target
580Utils.EXE.zip
-
Size
11.7MB
-
MD5
83d0a53ce80a861ab482c261da4db34e
-
SHA1
68e2ab66e61ae534fec26c684c3ac2aa47600da7
-
SHA256
29c7638c77236dd9d0395205063048f1655bf60e60d8e0ae23d6ac6f00f914bc
-
SHA512
bbeb62ea839691869bc1b1d4b83513e9262252426a2b62d6f68003e5f0a10314f6c8e3db743f109730f6e87625f5b81fff0e7f0c457efbd5d44eb0ce1bcbe16b
-
SSDEEP
196608:5KqoidqP7hG6aeWILO7E5qQKQmOEqbV3JQ67+ZjJ23zgs50PNbgmJnO8z54GQZ5e:8+qP7FKIz5nxz3eZJ23zgswambzON6fb
-
Creates new service(s)
-
Downloads MZ/PE file
-
Modifies RDP port number used by Windows
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Defense Evasion
Modify Registry
2Subvert Trust Controls
1Install Root Certificate
1