General

  • Target

    71422bf602763fd91890dc95d17b4feed83f8fd78bfa934b200e7e94daf39d05

  • Size

    3.4MB

  • Sample

    241108-aj1tlazpaz

  • MD5

    7d1c7fb063e54176e3020c3d721ca666

  • SHA1

    63ee176eab527917291d36a641298b9a17548ec9

  • SHA256

    71422bf602763fd91890dc95d17b4feed83f8fd78bfa934b200e7e94daf39d05

  • SHA512

    e76990340a7a158a2162b6ee47fa00e3c04defb26910edf8e05616980e491a02bd1ecfcbbb0060776c0d8c576bf5e0f1055b9772dfba5a8c77d6d4dd27400ae2

  • SSDEEP

    98304:XrQZjrQZYrQZjrQZgrQZjrQZYrQZjrQZR:Xr2jr2Yr2jr2gr2jr2Yr2jr2R

Malware Config

Targets

    • Target

      71422bf602763fd91890dc95d17b4feed83f8fd78bfa934b200e7e94daf39d05

    • Size

      3.4MB

    • MD5

      7d1c7fb063e54176e3020c3d721ca666

    • SHA1

      63ee176eab527917291d36a641298b9a17548ec9

    • SHA256

      71422bf602763fd91890dc95d17b4feed83f8fd78bfa934b200e7e94daf39d05

    • SHA512

      e76990340a7a158a2162b6ee47fa00e3c04defb26910edf8e05616980e491a02bd1ecfcbbb0060776c0d8c576bf5e0f1055b9772dfba5a8c77d6d4dd27400ae2

    • SSDEEP

      98304:XrQZjrQZYrQZjrQZgrQZjrQZYrQZjrQZR:Xr2jr2Yr2jr2gr2jr2Yr2jr2R

    • Disables service(s)

    • Modifies visibility of file extensions in Explorer

    • Blocks application from running via registry modification

      Adds application to list of disallowed applications.

    • Event Triggered Execution: Image File Execution Options Injection

    • Executes dropped EXE

    • Loads dropped DLL

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Network Share Discovery

      Attempt to gather information on host network.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks