General

  • Target

    spoof.zip

  • Size

    565KB

  • Sample

    240930-r1j1vazhrm

  • MD5

    135bfcd7aaeeb3735f0c54b5f369dd8d

  • SHA1

    8f79cc33c22469bdf1305c7e139772dda8c0bb98

  • SHA256

    ad28a59e2234cee44a0eee96aff1c7a71054a40734d289fe0d436e79247ad6d3

  • SHA512

    8df5ac25479ffdf60309f95a69078ea249b8c6efc34f5a80a6daa06f9e391a490c7c63ebc9dffb8f6fa121a2293b317b94674b34ee22c079090aecfb8eeb769a

  • SSDEEP

    12288:Cq0wZ837dYRzxko5wLJXOKfegCEkwg+al7+fzohptnT1cby21fX:x0fLdYDyLJXN2gCEV2KfzAnBcby2JX

Malware Config

Targets

    • Target

      spoof.zip

    • Size

      565KB

    • MD5

      135bfcd7aaeeb3735f0c54b5f369dd8d

    • SHA1

      8f79cc33c22469bdf1305c7e139772dda8c0bb98

    • SHA256

      ad28a59e2234cee44a0eee96aff1c7a71054a40734d289fe0d436e79247ad6d3

    • SHA512

      8df5ac25479ffdf60309f95a69078ea249b8c6efc34f5a80a6daa06f9e391a490c7c63ebc9dffb8f6fa121a2293b317b94674b34ee22c079090aecfb8eeb769a

    • SSDEEP

      12288:Cq0wZ837dYRzxko5wLJXOKfegCEkwg+al7+fzohptnT1cby21fX:x0fLdYDyLJXN2gCEV2KfzAnBcby2JX

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • UAC bypass

    • Modifies boot configuration data using bcdedit

    • Modify Registry: Disable Windows Driver Blocklist

      Disable Windows Driver Blocklist via Registry.

    • Possible privilege escalation attempt

    • Modifies file permissions

    • Power Settings

      powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks