General

  • Target

    mert yılmaz.png

  • Size

    23KB

  • Sample

    241112-lywzqszfre

  • MD5

    35f4479404881c8d651621782107b135

  • SHA1

    69bc2a471be50be2c9d341dad214c4bbfe7c0dc7

  • SHA256

    ce3601ff7cde3c4d8163af362043658c86a79b032f8383ce7980d392ac1c6caf

  • SHA512

    098bb21ce5539af921ccdbb2dd8f16d107aac98187b03289b35571caf72ec533724b1cd04795008e6f81dfc0421125625b4b025caf13c834bf3f58a656a96ab9

  • SSDEEP

    384:d1OzaI5ZCNqEP6TURykwzbTGHzoeYDoRH1991E0KHEPXaehTOUW3uVczK:dsza7q24CHzo5Dohfk5kvaee39G

Malware Config

Targets

    • Modifies WinLogon for persistence

    • UAC bypass

    • Disables RegEdit via registry modification

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

    • Modifies WinLogon

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks