General
-
Target
XClient.exe
-
Size
122KB
-
Sample
240704-zd59kazema
-
MD5
8e83fd4fad6074e88b1dac7dbfe848aa
-
SHA1
e3d607a47d75c40dffe6fcb6510796589f1611f2
-
SHA256
e383276a19a317659873d63010dbf081d7137cd2a2ddc4c06dcf25f12e4b3f7e
-
SHA512
1444ff56493ba3e9d1a60881528ec083420c5b54f1fe75fdcada888af424d2ff222a47d56b71a999d5b85733d87bb2de156c7cee627cb49e762610d32701c99e
-
SSDEEP
3072:Mk+uZlWW1Tbfu/HVcUic0M+p9UpGIgE5nuPMuuHbQb0d/:om74HfB0M6UYE5uP2bw6
Malware Config
Targets
-
-
Target
XClient.exe
-
Size
122KB
-
MD5
8e83fd4fad6074e88b1dac7dbfe848aa
-
SHA1
e3d607a47d75c40dffe6fcb6510796589f1611f2
-
SHA256
e383276a19a317659873d63010dbf081d7137cd2a2ddc4c06dcf25f12e4b3f7e
-
SHA512
1444ff56493ba3e9d1a60881528ec083420c5b54f1fe75fdcada888af424d2ff222a47d56b71a999d5b85733d87bb2de156c7cee627cb49e762610d32701c99e
-
SSDEEP
3072:Mk+uZlWW1Tbfu/HVcUic0M+p9UpGIgE5nuPMuuHbQb0d/:om74HfB0M6UYE5uP2bw6
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1