General

  • Target

    5c3a5108cb13a9cf6aee2ce4962c780e431eb3be5f776fd57992b2e4305c239bN

  • Size

    114KB

  • Sample

    241111-py1jpszalj

  • MD5

    ae4ef3ccdb7b4e105c23f6b099ec4cb0

  • SHA1

    3d75d4bda09cdf917ef36fb25e831ef9d1782c5c

  • SHA256

    5c3a5108cb13a9cf6aee2ce4962c780e431eb3be5f776fd57992b2e4305c239b

  • SHA512

    b49a409c48cf99cb7615434225506849d7dfcca1bcc5cab923dffff381d696a71726a19542783c5b17e6113c480ebc93146d4bcf30c3439934ec075044a6d921

  • SSDEEP

    3072:zZjurA1K+w7KMuu1F+/jmSkmngV5CvMabvl:1V9pj/2+2QDbt

Malware Config

Targets

    • Modifies firewall policy service

    • Adds policy Run key to start application

    • Sets service image path in registry

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks