Resubmissions

13-08-2024 07:31

240813-jcszva1cjg 8

13-08-2024 06:35

240813-hctqpsyenh 8

General

  • Target: disk-drill-win.exe
  • Size: 27.0MB
  • Sample: 240813-hctqpsyenh
  • MD5: db78eda8cb52e64d403890ad2201f007
  • SHA1: 174c837386ce92144bb6c8d722e4809426b2519a
  • SHA256: 97e296f77f96ea55d1e0f962f0fe980170a4e8d11464a7ca45b2976aa8ee16ee
  • SHA512: 94691338ff0b788b16eed3eb2973b2534b5c7774ceba3aba11a2f73ee4d9e754c8039d47ed3b45ab55ea3e3a6f7138c5a70a40f516397167a97a36c2773c09ad
  • SSDEEP: 786432:Ep3+DT+fEKOIYSwpcPa39JWJ2GsaZ/mCoq31/:l+MKrYSwqPa3HW7saZ/mPYJ

Malware Config

Targets

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Adds Run key to start application

    • Downloads MZ/PE file

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks