Resubmissions

10-08-2024 06:53

240810-hnsmsatfrf 6

10-08-2024 06:49

240810-hlsvrszcln 10

10-08-2024 06:46

240810-hjzwaszbrn 10

10-08-2024 06:41

240810-hf41vazbkm 8

10-08-2024 06:38

240810-heedsszanp 8

10-08-2024 06:35

240810-hcr7wazajn 8

General

  • Target

    Module.dll

  • Size

    1.3MB

  • Sample

    240810-hf41vazbkm

  • MD5

    157fd035b2a344a94166d7db3756df0e

  • SHA1

    f221d28c1deb80b4e8d9201226435aefce6b0f75

  • SHA256

    8716c75aff75941711aff8770836f47eb9a254416089ef3571c6fc9a338b3009

  • SHA512

    fad0174fbd22f58dd4fcdaad8378c214270b4faeaca64d9cb306f50e9316072a4c417c5723c4123b8bf94a3dba6ef4e3303ec60f4a2cf0c3a54d8ab375ea717d

  • SSDEEP

    24576:ZqBSLRktEBl6blwTUMD4zB1VU2bFjYWR0pMQUAqLRAovh4bSAXVVRNRfMXZO:ZqBSLRkt8l6blSU//+2bFfvA1SQVVRNk

Malware Config

Targets

    • Target

      Module.dll

    • Size

      1.3MB

    • MD5

      157fd035b2a344a94166d7db3756df0e

    • SHA1

      f221d28c1deb80b4e8d9201226435aefce6b0f75

    • SHA256

      8716c75aff75941711aff8770836f47eb9a254416089ef3571c6fc9a338b3009

    • SHA512

      fad0174fbd22f58dd4fcdaad8378c214270b4faeaca64d9cb306f50e9316072a4c417c5723c4123b8bf94a3dba6ef4e3303ec60f4a2cf0c3a54d8ab375ea717d

    • SSDEEP

      24576:ZqBSLRktEBl6blwTUMD4zB1VU2bFjYWR0pMQUAqLRAovh4bSAXVVRNRfMXZO:ZqBSLRkt8l6blSU//+2bFfvA1SQVVRNk

    • Disables Task Manager via registry modification

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks