General
-
Target
Ozix Anti-SS Tool Lite (32 bits) (1).exe
-
Size
938KB
-
Sample
240824-ysz6esycrl
-
MD5
f146fc6b0d7f3ad9ff8f14c8c8de6f6c
-
SHA1
48923c0d8b4d4ce6f4663993d453821ae55e6197
-
SHA256
1a6328b1da373a3e57e714ea983371a60c92c74600bbc78f509548e1272903b5
-
SHA512
84f402f35e9daafea7f3bf9cf53c5421210d88981796336d2fc9c56ac80dd6a112325420b7306b00cdb371b9a095ce9307a9064ec00c29401961f6d3a5d9ea8a
-
SSDEEP
12288:/1IAPjcS1lXlLL8O7NRfNCCZwIMWjXYpoNfSQR2U6iyxBmiKJ1P1Dzx:/SGcS1lXlLL80ZwIvJfR2Ujy81dJ
Malware Config
Targets
-
-
Target
Ozix Anti-SS Tool Lite (32 bits) (1).exe
-
Size
938KB
-
MD5
f146fc6b0d7f3ad9ff8f14c8c8de6f6c
-
SHA1
48923c0d8b4d4ce6f4663993d453821ae55e6197
-
SHA256
1a6328b1da373a3e57e714ea983371a60c92c74600bbc78f509548e1272903b5
-
SHA512
84f402f35e9daafea7f3bf9cf53c5421210d88981796336d2fc9c56ac80dd6a112325420b7306b00cdb371b9a095ce9307a9064ec00c29401961f6d3a5d9ea8a
-
SSDEEP
12288:/1IAPjcS1lXlLL8O7NRfNCCZwIMWjXYpoNfSQR2U6iyxBmiKJ1P1Dzx:/SGcS1lXlLL80ZwIvJfR2Ujy81dJ
Score8/10-
Disables Task Manager via registry modification
-
Manipulates Digital Signatures
Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Deobfuscate/Decode Files or Information
Payload decoded via CertUtil.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
Enumerates processes with tasklist
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Deobfuscate/Decode Files or Information
1Hide Artifacts
2Hidden Files and Directories
2Modify Registry
1Subvert Trust Controls
1SIP and Trust Provider Hijacking
1