General

  • Target

    580Utils.EXE.zip

  • Size

    11.7MB

  • Sample

    240627-bm61fsxekn

  • MD5

    83d0a53ce80a861ab482c261da4db34e

  • SHA1

    68e2ab66e61ae534fec26c684c3ac2aa47600da7

  • SHA256

    29c7638c77236dd9d0395205063048f1655bf60e60d8e0ae23d6ac6f00f914bc

  • SHA512

    bbeb62ea839691869bc1b1d4b83513e9262252426a2b62d6f68003e5f0a10314f6c8e3db743f109730f6e87625f5b81fff0e7f0c457efbd5d44eb0ce1bcbe16b

  • SSDEEP

    196608:5KqoidqP7hG6aeWILO7E5qQKQmOEqbV3JQ67+ZjJ23zgs50PNbgmJnO8z54GQZ5e:8+qP7FKIz5nxz3eZJ23zgswambzON6fb

Malware Config

Targets

    • Target

      580Utils.EXE.zip

    • Size

      11.7MB

    • MD5

      83d0a53ce80a861ab482c261da4db34e

    • SHA1

      68e2ab66e61ae534fec26c684c3ac2aa47600da7

    • SHA256

      29c7638c77236dd9d0395205063048f1655bf60e60d8e0ae23d6ac6f00f914bc

    • SHA512

      bbeb62ea839691869bc1b1d4b83513e9262252426a2b62d6f68003e5f0a10314f6c8e3db743f109730f6e87625f5b81fff0e7f0c457efbd5d44eb0ce1bcbe16b

    • SSDEEP

      196608:5KqoidqP7hG6aeWILO7E5qQKQmOEqbV3JQ67+ZjJ23zgs50PNbgmJnO8z54GQZ5e:8+qP7FKIz5nxz3eZJ23zgswambzON6fb

    • Creates new service(s)

    • Downloads MZ/PE file

      Retrieves a file over the network whose content begins with the MZ header, i.e. a Windows executable or DLL.

    • Modifies RDP port number used by Windows

      Changes the PortNumber value under HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp, which sets the TCP port the Remote Desktop listener binds (3389 by default).

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

      Writes a value under Software\Microsoft\Windows\CurrentVersion\Run (in HKCU or HKLM) so the program is launched at every logon.

    • Checks whether UAC is enabled

      Reads the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
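
Added example, not part of the sandbox report or its tooling: a small Python triage helper that maps Sysmon RegistryEvent records (Event ID 12/13) and System-log service-install records (Event ID 7045) onto three of the behaviour labels above (Run key persistence, RDP PortNumber change, new service), so an analyst can hunt for the same activity in endpoint telemetry. Field names follow Sysmon's XML schema; the log records, process names and paths in SAMPLE_EVENTS are constructed and do not describe this sample's actual run.

```python
"""Map Sysmon/System-log records onto the sandbox behaviour labels.
Added example; the event records below are constructed, not captured."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Registry paths behind three of the report's behaviour labels.
# Sysmon renders hives as HKLM/HKU; matching is case-insensitive.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
RDP_PORT_RE = re.compile(
    r"\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\WinStations"
    r"\\RDP-Tcp\\PortNumber$", re.I)
DEFAULT_RDP_PORT = 3389
# Sysmon formats DWORD data as "DWORD (0x0000019b)".
DWORD_RE = re.compile(r"DWORD \(0x([0-9a-f]{8})\)", re.I)
# Directories a legitimately installed service binary rarely lives in.
SUSPICIOUS_DIRS = ("\\temp\\", "\\appdata\\", "\\programdata\\", "\\users\\public\\")


@dataclass(frozen=True)
class Finding:
    label: str   # behaviour label, worded as in the report
    image: str   # process or service binary responsible
    detail: str


def classify(event: dict) -> Optional[Finding]:
    """Return a Finding if the record matches one of the tracked behaviours."""
    eid = event.get("EventID")
    if eid == 13:  # Sysmon RegistryEvent: value set
        target = event.get("TargetObject", "")
        details = event.get("Details", "")
        if RUN_KEY_RE.search(target):
            return Finding("Adds Run key to start application",
                           event.get("Image", ""), f"{target} = {details}")
        if RDP_PORT_RE.search(target):
            m = DWORD_RE.search(details)
            port = int(m.group(1), 16) if m else None
            # Rewriting the default port is not a tamper; a new port is.
            if port != DEFAULT_RDP_PORT:
                return Finding("Modifies RDP port number used by Windows",
                               event.get("Image", ""),
                               f"PortNumber set to {port}")
    elif eid == 7045:  # System log: a service was installed
        path = event.get("ImagePath", "")
        where = ("user-writable path"
                 if any(d in path.lower() for d in SUSPICIOUS_DIRS)
                 else "system path")
        return Finding("Creates new service(s)", path,
                       f"service {event.get('ServiceName', '?')} installed from {where}")
    return None


def triage(events: list[dict]) -> list[Finding]:
    """Run classify() over a batch of records and keep the hits, in order."""
    return [f for f in (classify(e) for e in events) if f is not None]


# Constructed records shaped like parsed Sysmon/System-log event fields.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\Public\sample.exe",
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server"
                     r"\WinStations\RDP-Tcp\PortNumber",
     "Details": "DWORD (0x0000a8c1)"},  # 43201, not the default
    {"EventID": 13, "Image": r"C:\Users\Public\sample.exe",
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\Public\svc.exe"},
    {"EventID": 7045, "ServiceName": "WinUtilSvc",
     "ImagePath": r"C:\ProgramData\WinUtil\svc.exe"},
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",  # benign: default re-written
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server"
                     r"\WinStations\RDP-Tcp\PortNumber",
     "Details": "DWORD (0x00000d3d)"},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"[{f.label}] {f.image}: {f.detail}")
```

The benign fourth record shows why the RDP rule compares the decoded DWORD against 3389 rather than firing on any write to PortNumber: Group Policy and imaging tools routinely re-apply the default, and alerting on that would bury the real change.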

MITRE ATT&CK Enterprise v15

Tasks