General
Target: hello.html
Size: 68B
Sample: 241108-n642esvjbp
MD5: d3c30c5791061008e3151aae80b5bd1f
SHA1: fd341684be8d1f22f30c44d5589517b1db2fca56
SHA256: aa5d7739f021f50aefc76acf00cb3d778d96d347760c4629fa55ad850e51ef3f
SHA512: 1ff7e9fd3c42bc3e88feb495f2aed40a6d41b01a199dac8594d9fbaebb518745bfb47c687ef77fa8c78ce3c7b1257700e3d0c85512b5834a79d6b66bde2672a2
Static task: static1
Malware Config: none listed
Targets
Target: hello.html (size and hashes as in General above)
Signatures (behaviour observed in the sandbox run; the target is a 68-byte HTML file, so hits such as the downloaded PE and the dropped DLL describe what ran after it was opened, not static properties of the HTML itself):
- Downloads MZ/PE file
- Manipulates Digital Signatures: attackers can apply techniques such as modifying the exports of signature-verification DLLs so that their binary appears validly signed.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
- Password Policy Discovery: attempts to access detailed information about the password policy used within an enterprise network.
- Drops file in System32 directory
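Constructed example of how signature hits like the registry-based ones above (location check, installed-software enumeration, registry modification) and the MZ/PE download check are derived from sandbox events. This is added here for illustration and is not code from the report or from the sandbox vendor; the registry key paths, the event format, the process noise list and the sample events are this example's assumptions, and the vendor's real rules may differ.

```python
# Added example, not part of the sandbox report or the sandbox vendor's code.
# It re-derives three of the signatures listed above from a constructed event
# log. The registry paths and the PE-header test are this example's own
# assumptions about what such signatures typically key on, not the vendor's
# actual rule logic.
import re
import struct

# Constructed registry-access events: (process, operation, key path).
EVENTS = [
    ("sample.exe", "QueryValue", r"HKCU\Control Panel\International\Geo\Nation"),
    ("sample.exe", "EnumKey", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    ("sample.exe", "EnumKey", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7-Zip}"),
    ("sample.exe", "SetValue", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater"),
    ("explorer.exe", "EnumKey", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
]

# Signature name -> (operations that count, or None for any; regex on the key).
# Geo\Nation stores the configured GeoID (country); Uninstall lists installed
# programs; any write operation counts as Modify Registry (ATT&CK T1112).
RULES = {
    "Checks computer location settings":
        (None, re.compile(r"\\International\\Geo\\Nation$", re.I)),
    "Checks installed software on the system":
        (None, re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I)),
    "Modify Registry":
        ({"SetValue", "CreateKey", "DeleteValue"}, re.compile(r".")),
}

# Processes whose registry activity is treated as background noise and not
# attributed to the sample (assumed list for this example).
NOISE = {"explorer.exe"}


def match_registry_signatures(events, rules=RULES, noise=NOISE):
    """Return {signature: [(process, key), ...]} for every rule an event matched.
    Events from processes in `noise` are skipped so benign background activity
    does not fire sample-attributed signatures."""
    hits = {}
    for proc, op, key in events:
        if proc.lower() in noise:
            continue
        for name, (ops, rx) in rules.items():
            if (ops is None or op in ops) and rx.search(key):
                hits.setdefault(name, []).append((proc, key))
    return hits


def is_mz_pe(data: bytes) -> bool:
    """True if `data` is an MZ/PE image: 'MZ' at offset 0 and the e_lfanew field
    (offset 0x3C) pointing at a 'PE\\0\\0' signature. Bounds are checked so a
    truncated or hostile download returns False instead of raising."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 4 > len(data):
        return False
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


# Constructed inputs: a minimal MZ/PE-looking blob, an HTML blob like the target,
# and a blob whose e_lfanew points past the end of the data.
FAKE_PE = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x00" * 16
HTML_BLOB = b"<html><body><script>location='http://example.invalid/';</script></body></html>"
BAD_LFANEW = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x1000)

if __name__ == "__main__":
    for sig, matched in match_registry_signatures(EVENTS).items():
        print(f"{sig}: {len(matched)} event(s) from {sorted({p for p, _ in matched})}")
    for label, blob in (("FAKE_PE", FAKE_PE), ("HTML_BLOB", HTML_BLOB), ("BAD_LFANEW", BAD_LFANEW)):
        print(f"is_mz_pe({label}) = {is_mz_pe(blob)}")
```

The noise list matters in practice: a sandbox that attributed explorer.exe's routine Uninstall-key reads to the sample would report "Checks installed software" for every run, so rules are scoped to the sample's process tree. The bounds checks in is_mz_pe are there because a downloader often fetches a truncated or deliberately malformed first stage, and a signature that crashes on it is a signature that never fires.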
MITRE ATT&CK Enterprise v15 (technique: hit count)
Defense Evasion
- Modify Registry (T1112): 1
- Subvert Trust Controls (T1553): 1
  - Install Root Certificate (T1553.004): 1
Credential Access
- Credentials from Password Stores (T1555): 1
  - Credentials from Web Browsers (T1555.003): 1
- Unsecured Credentials (T1552): 1
  - Credentials In Files (T1552.001): 1