General
-
Target
Elite Ping Reducer.exe
-
Size
31.5MB
-
Sample
240903-xzj74swarf
-
MD5
b85479a19ec4743194eeb9d5f6e0af83
-
SHA1
5b9bc90e2dc7915a42a17ec01db4a01a8b4ff688
-
SHA256
0aa296b20732f620b607bfbbc249fa144ca4cd33b24dc6a0e210b859c271bd34
-
SHA512
f4f8a66dfa029e98d9ab4abf2ae853368ba99b81f72d8005efbc1ca15aa4db3529e2be0641bc8e9d66af942b8a1f6a16a0cdb8cce37efc2a2bf63341eab621c5
-
SSDEEP
786432:V6uFL8UPJzC171c9teAsDEJgFI9Z79qPe+MZsWgnFM3Hch:bFL8MJG1+9tnsDEJzKd2iNh
Malware Config
Targets
-
-
Target
Elite Ping Reducer.exe
-
Size
31.5MB
-
MD5
b85479a19ec4743194eeb9d5f6e0af83
-
SHA1
5b9bc90e2dc7915a42a17ec01db4a01a8b4ff688
-
SHA256
0aa296b20732f620b607bfbbc249fa144ca4cd33b24dc6a0e210b859c271bd34
-
SHA512
f4f8a66dfa029e98d9ab4abf2ae853368ba99b81f72d8005efbc1ca15aa4db3529e2be0641bc8e9d66af942b8a1f6a16a0cdb8cce37efc2a2bf63341eab621c5
-
SSDEEP
786432:V6uFL8UPJzC171c9teAsDEJgFI9Z79qPe+MZsWgnFM3Hch:bFL8MJG1+9tnsDEJzKd2iNh
Score10/10-
Modifies firewall policy service
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Hide Artifacts
1Ignore Process Interrupts
1Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1