General

  • Target

    Happy Thanksgiving post_it

  • Size

    20KB

  • Sample

    240930-sc54va1erl

  • MD5

    b7c6c8766f79434f2d4bf13db8878d06

  • SHA1

    8beda3a03b86fafb24f24f358ad024f8605a4e7a

  • SHA256

    bff08d628057816fd03746011754b6d3268f9a7dcdcfd12477783413f2f99dfb

  • SHA512

    9ad97cd92b76ec7a19c3276054be56cc8010d0c037653c27067a6a1b512d31cd0d30b809f7575baaee70495da451b783e53d9a82f6a02722d156146c5c8b1296

  • SSDEEP

    384:kNwgRPXirotzrtlFzOYtIuFgwz2ikHS3OpZOz25fgywNovZTl0acX:6PX4oRBFyiF+pSeoywNAK

Malware Config

Targets

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Downloads MZ/PE file

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • Possible privilege escalation attempt

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks