General

  • Target

    noentry_color.jpeg

  • Size

    429KB

  • Sample

    241030-xpqbdazcpn

  • MD5

    afccfea0a15e958d73a4c06a2154890d

  • SHA1

    10de41d2d93d9ee53b4b422bf3daf97f2c764741

  • SHA256

    ad355c309c54e506cff0e4c412e4b151a34f55754cf776c6bb475ee433251f29

  • SHA512

    1554d0ada533fe89788435a8beb279a5c7219cd457dd83de724f5f80c219c548bfd8388c402dbcf6ee52e9323e1922f5d0549a6ca98bedbb7374d3a0506d756d

  • SSDEEP

    12288:+f000000000000000000000000000000000000000000000000000000eoK8YNFt:IKHBB8Tq1

Targets

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Downloads MZ/PE file

    • Possible privilege escalation attempt

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15