General

  • Target

    Daniel's discord pass is gyatt321.png

  • Size

    189KB

  • Sample

    240930-tervnstdpk

  • MD5

    87d4ea192c1b9cb6e927bc3ff06ac6f4

  • SHA1

    10f65942f5b8c69ebd87aa7fb4f5494a45b00f91

  • SHA256

    fce833aff59bbd57bdaf076613a1b41a72a3e0bc87c9e3bc6e8c7b4a417d7697

  • SHA512

    0592a958eaa672c9356f0e65503c9dd1c91c6cb610c9b2f0e12d5297855d3ae30d71faaff3f56041ce4b0630c077e3af3215547e3d786e98c80e12afc2803b3c

  • SSDEEP

    3072:S5Yc9sKM6uJ/dXdw6GLKnj31bs5vjyUWNF5YEd7+K06FCQ0wt5rOw:S5Yc9C6s/ReKnj3A+Zj5NdnCRerOw

Malware Config

Targets

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Downloads MZ/PE file

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • Possible privilege escalation attempt

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks