General

  • Target

    picofreelaodversion.zip

  • Size

    37.0MB

  • Sample

    241031-hkrlbatalk

  • MD5

    30ad06c85007e7c43f11d0cd67726446

  • SHA1

    25be9ad2764e616c814fd26e37a269f71b019829

  • SHA256

    b76ab953eb39bfb300a6cb576ad91d58f394f5ac9f728b234ffe95eb876c9196

  • SHA512

    b3791f9fa412740d8363f81811ebc967b84a65c6a20c750e4737c22af5b57fbfbba5a857e41c5f20136b43d274ae119befb1476b4f8a17e667dc366af4eb02f5

  • SSDEEP

    786432:fPf1gZsPoqiEf3qcgrv+O6ovqvM9wqMRY028BZSlslsvozhjlHECSFG0:nelqvWrm+ivGwqMRY0FpOihjtIG0

Malware Config

Targets

    • Target

      КМSpicо.rar

    • Size

      37.0MB

    • MD5

      1489578698f5418825439fed0dcf93e7

    • SHA1

      c01124424dee99c09660d093eea6c525856d813b

    • SHA256

      20432382ee71d1d731ea85f1ab8ccf8507d9434308f403e78f348b874ca7e3c2

    • SHA512

      2f9d9f928a4f13aad4a0d2058054587aa75cfac71d7e8afd4135b498a59f944b8d2b01b10957b9c2e0267a3dceb16c5bb4acf7617c8f754ba55c4cd9c653f822

    • SSDEEP

      786432:NPf1gZsPoqiEf3qcgrv+O6ovqvM9wqMRY028BZSlslsvozhjlHECSFGf:delqvWrm+ivGwqMRY0FpOihjtIGf

    • Creates new service(s)

    • Event Triggered Execution: Image File Execution Options Injection

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Indicator Removal: Clear Persistence

      Removes IFEO.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks