General

  • Target

    761dffc1e47769b81f33e40f159cb36a54d7d241f278f49e8383e0a28e55dbab.exe

  • Size

    777KB

  • Sample

    241110-wwzb7a1qax

  • MD5

    7c04bddcca9cb40af43b31afee8c434b

  • SHA1

    f8c884e435d7d3b6fee6d68b5da323d517521912

  • SHA256

    e7081a52947cd74efc66bdadfada4f8c734a23c28f15d66ad8f9efde89590c43

  • SHA512

    d379a6d76d01fd35be6be6f80890573520ace26d80b653e5734de687a14bdebf567dcb68f4a451f5a696054bd586b73f4ed9b62087439c40bb879a77f0af7357

  • SSDEEP

    24576:sMwhY36B+DeNLLQu+Zx0PARxFWfcFqal/F4X5ZiR:sMwhESstZq+WfQiX5a

Targets

    • Target

      761dffc1e47769b81f33e40f159cb36a54d7d241f278f49e8383e0a28e55dbab.exe

    • Size

      777KB

    • MD5

      7c04bddcca9cb40af43b31afee8c434b

    • SHA1

      f8c884e435d7d3b6fee6d68b5da323d517521912

    • SHA256

      e7081a52947cd74efc66bdadfada4f8c734a23c28f15d66ad8f9efde89590c43

    • SHA512

      d379a6d76d01fd35be6be6f80890573520ace26d80b653e5734de687a14bdebf567dcb68f4a451f5a696054bd586b73f4ed9b62087439c40bb879a77f0af7357

    • SSDEEP

      24576:sMwhY36B+DeNLLQu+Zx0PARxFWfcFqal/F4X5ZiR:sMwhESstZq+WfQiX5a

    Score
    8/10
    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Blocklisted process makes network request

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      Ornitologisk.Aft

    • Size

      53KB

    • MD5

      67b3616cc286b91c6bd34e0ef06458c5

    • SHA1

      69cca440d16c92066bf037c903449cd6b85c02e4

    • SHA256

      40426fee8802d21e821cdb9380dc50750f8e3015d9c486e11685b06e19a8c59b

    • SHA512

      fc8e022b4d8a329034f4dba81377ea9b8390d0ea8824cb3e3b7f9157be0e33f592841f5329f7db46eb0ffccf09bdcdb196f4e5e0b94ca289b3fa0bcc0953f093

    • SSDEEP

      1536:RGlCobnJs2j8Bm4UHDO5+993vpAjHbhvCovPaRX:6TGC/wvCoPaB

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15