General

  • Target

    34567c920c1f841bc358af797a1a68a44e2a62bef2681cc4805305a4291ff7a0

  • Size

    25KB

  • Sample

    241012-sn5bpa1fnn

  • MD5

    1f82a8ce9647b41ac676ee8c46a7e1e8

  • SHA1

    558237e4c00ae3604cd1baf6112a021ed7dc3d21

  • SHA256

    34567c920c1f841bc358af797a1a68a44e2a62bef2681cc4805305a4291ff7a0

  • SHA512

    8c0554a2aa23b7709d086aa66bb01e27f9b7ec1487ecffcffe5306ec5fdaa0a1bf85c24ed832529f3324bc86d06b83b56167481d6e869954ec9184c1d3e94603

  • SSDEEP

    384:f7gN6fhlV2MgRCAFS3SJlWRAGXNi0r3bb8buKoDjVoh:f70jCgv/RGboCFQ

Malware Config

Targets

    • Target

      34567c920c1f841bc358af797a1a68a44e2a62bef2681cc4805305a4291ff7a0

    • Size

      25KB

    • MD5

      1f82a8ce9647b41ac676ee8c46a7e1e8

    • SHA1

      558237e4c00ae3604cd1baf6112a021ed7dc3d21

    • SHA256

      34567c920c1f841bc358af797a1a68a44e2a62bef2681cc4805305a4291ff7a0

    • SHA512

      8c0554a2aa23b7709d086aa66bb01e27f9b7ec1487ecffcffe5306ec5fdaa0a1bf85c24ed832529f3324bc86d06b83b56167481d6e869954ec9184c1d3e94603

    • SSDEEP

      384:f7gN6fhlV2MgRCAFS3SJlWRAGXNi0r3bb8buKoDjVoh:f70jCgv/RGboCFQ

    • Drops file in Drivers directory

    • Manipulates Digital Signatures

      Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

    • Possible privilege escalation attempt

    • Boot or Logon Autostart Execution: Print Processors

      Adversaries may abuse print processors to run malicious DLLs during system boot for persistence and/or privilege escalation.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks