General

  • Target

    8e2b4a06579743d83b1732bf69073bb8201046f7b4ffffbd5567a42faec38c8a

  • Size

    1.5MB

  • Sample

    240818-enf27svamc

  • MD5

    360afa4681dca1042ea3ab1fbbe6279b

  • SHA1

    090c947acf423738fbeda5c2daa9d6970b8fb213

  • SHA256

    8e2b4a06579743d83b1732bf69073bb8201046f7b4ffffbd5567a42faec38c8a

  • SHA512

    7869affd1ffd531236c55296e6eb0d1b82434a34599bf764e6b98d297b3aa3bfd84fbda738892fd894e1d579586f077219d0f68372b0d824f8d92ea247657907

  • SSDEEP

    24576:sXYi1f9w46vCc0jQtMKMb+AS3MmMrvD1GoWoK6Q:soi1f9y21qZMr9WP

Malware Config

Targets

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Disables RegEdit via registry modification

    • Event Triggered Execution: Image File Execution Options Injection

    • Indicator Removal: Network Share Connection Removal

      Adversaries may remove share connections that are no longer useful in order to clean up traces of their operation.

    • Possible privilege escalation attempt

    • Modifies file permissions

    • File and Directory Permissions Modification: Windows File and Directory Permissions Modification

    • Indicator Removal: Clear Persistence

      Removes IFEO (Image File Execution Options) registry entries.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks