General

  • Target: 19f11a7544376f6153876bbd828cdfbd14e6d8c36670bf528761ec5ae7861cb9

  • Size: 5.3MB

  • Sample: 241031-y38wba1pdy

  • MD5: 5a176e219005d94859c9540224ee418b

  • SHA1: de7e67285a2d2116c70b30f55f74e166ddbac4cf

  • SHA256: 19f11a7544376f6153876bbd828cdfbd14e6d8c36670bf528761ec5ae7861cb9

  • SHA512: 5eb383637970e5501c66032430d738487bc33cb937c43f7d41f5fcc95e36c2a4580eebec1266659638558958d96c703d4203464bd2e307de9d7772b9cf372711

  • SSDEEP: 98304:h9Ns5TDi1FXQct/iAj185SHiX3vks8Uu50GPxluKMWRhjmAJf/ds:hgTDi1FXQct/iAj185SCX850ixFRhjXF

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15