General

  • Target

    b2cc4454c0a4fc80b1fc782c45ac7f76b1d95913d259090a2523819aeec88eb5

  • Size

    163KB

  • Sample

    240805-sqcdpazdnq

  • MD5

    1a7d1b5d24ba30c4d3d5502295ab5e89

  • SHA1

    2d5e69cf335605ba0a61f0bbecbea6fc06a42563

  • SHA256

    b2cc4454c0a4fc80b1fc782c45ac7f76b1d95913d259090a2523819aeec88eb5

  • SHA512

    859180338958509934d22dbc9be9da896118739d87727eb68744713259e819551f7534440c545185f469da03c86d96e425cdf5aae3fb027bb8b7f51044e08eaa

  • SSDEEP

    3072:TQpsSyjlzA664oL8tIoDJxGtIVORPrdAHjl3+uwF+iBDZ/wXxnTFKe8kaz:TQpsSyjlzfnoNGxGo6PrdAHwtMxn4e8N

Malware Config

Targets

    • Target

      b2cc4454c0a4fc80b1fc782c45ac7f76b1d95913d259090a2523819aeec88eb5

    • Size

      163KB

    • MD5

      1a7d1b5d24ba30c4d3d5502295ab5e89

    • SHA1

      2d5e69cf335605ba0a61f0bbecbea6fc06a42563

    • SHA256

      b2cc4454c0a4fc80b1fc782c45ac7f76b1d95913d259090a2523819aeec88eb5

    • SHA512

      859180338958509934d22dbc9be9da896118739d87727eb68744713259e819551f7534440c545185f469da03c86d96e425cdf5aae3fb027bb8b7f51044e08eaa

    • SSDEEP

      3072:TQpsSyjlzA664oL8tIoDJxGtIVORPrdAHjl3+uwF+iBDZ/wXxnTFKe8kaz:TQpsSyjlzfnoNGxGo6PrdAHwtMxn4e8N

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Indicator Removal: Clear Windows Event Logs

      Clear Windows Event Logs to hide the activity of an intrusion.

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks