General

  • Target

    dasdasd.exe

  • Size

    444KB

  • Sample

    241109-v9zz7s1rdr

  • MD5

    66ae10586372d32559b884649c3b1102

  • SHA1

    a889bbb0baf97ad846ab088624a6383d8b57711a

  • SHA256

    43cecbee43e517d644c43c91f1ca4a8c19b7f27e4972cb0fe30f6095f6d240d6

  • SHA512

    ea30568093d7a5655f8d3561bac56ebd558ea5667d6221d50fd2b8e7d95505a74a278a70d7f09845f91523035e1c2d4fa3c1b466a72482c6794974ef143be09e

  • SSDEEP

    12288:YF2itC7rxZjmoXuaiHi/Xy3I3sBmy1CLoMavQ9m:mHSZqoXuWPzloMaI9

Targets

    • Target

      dasdasd.exe

    • UAC bypass

    • Windows security bypass

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Event Triggered Execution: Image File Execution Options Injection

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15