Resubmissions

01-10-2024 15:11

241001-skypqszeld 8

01-10-2024 15:06

241001-sg8erszdle 8

01-10-2024 15:05

241001-sf9w7szcrc 10

General

  • Target

    sample

  • Size

    20KB

  • Sample

    241001-skypqszeld

  • MD5

    d04f14603c744b072830c58eb605d341

  • SHA1

    126a361d583250b8d71347c3d6e610659ce7f1cc

  • SHA256

    1e8e3ef736ff953fafd5d24cfff946b13be0f396b3a3dd4f627a4dbe135ebbd3

  • SHA512

    849ba12162d36f01f93e445d80941573994b95413741c82fb9a647c5c58501fb9d3c6ab16d67575af1cc6293d80b8f681371267b64032407597f6476a2d07e42

  • SSDEEP

    384:Q6spa1ocy4m4lbGawMvhpN0uKzF2Jrc2REu4Y0wM1tsa31xCejiw:QM1ocy4VEabJpNDKyrAu4Y0wM1vlxPiw

Malware Config

Targets

    • Disables Task Manager via registry modification

    • Downloads MZ/PE file

    • Possible privilege escalation attempt

    • Executes dropped EXE

    • Modifies file permissions

    • Legitimate hosting services abused for malware hosting/C2

    • Modifies boot configuration data using bcdedit

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks