General

  • Target

    13e6674126290984f0404b4ca438d0b699a15def98ba55930b09842da02d1671N.exe

  • Size

    313KB

  • Sample

    241112-pfmvwsvrbp

  • MD5

    20ace25552dff9d1f7bdcccf3f5fb1ef

  • SHA1

    e6a6b963a435f1b1a24c087d72ccafbc31cee9c1

  • SHA256

    399f1f14410d9ecdd3cdef741797315e46c0a92c6b71e20f6887fef47b491877

  • SHA512

    746cfb614fa52b2edb2652375bf9810195877ff6981f8389a6110d7d163a6cca0c2ba48734a3575171f7a49e4e5708fa83f1ba5569870c8ef510c45a52c4fa4a

  • SSDEEP

    6144:ueHwXUU5EYCTvaBjDjWrLJKuKnGML5Njcx2:uyMUusvalag5Nja2

Malware Config

Targets

    • Target

      13e6674126290984f0404b4ca438d0b699a15def98ba55930b09842da02d1671N.exe

    • Size

      313KB

    • MD5

      20ace25552dff9d1f7bdcccf3f5fb1ef

    • SHA1

      e6a6b963a435f1b1a24c087d72ccafbc31cee9c1

    • SHA256

      399f1f14410d9ecdd3cdef741797315e46c0a92c6b71e20f6887fef47b491877

    • SHA512

      746cfb614fa52b2edb2652375bf9810195877ff6981f8389a6110d7d163a6cca0c2ba48734a3575171f7a49e4e5708fa83f1ba5569870c8ef510c45a52c4fa4a

    • SSDEEP

      6144:ueHwXUU5EYCTvaBjDjWrLJKuKnGML5Njcx2:uyMUusvalag5Nja2

    • Modifies WinLogon for persistence

      Changes the Shell or Userinit value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon; Windows starts whatever is listed there at every interactive logon.

    • Modifies visibility of file extensions in Explorer

      Sets HideFileExt under Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced so the real extension of a dropped file is not shown.

    • Modifies visibility of hidden/system files in Explorer

      Sets Hidden or ShowSuperHidden under the same Explorer\Advanced key so hidden and protected operating system files stay out of view.

    • Disables use of System Restore points

      Sets DisableSR under HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore, removing the option of rolling the system back to a pre-infection restore point.

    • Event Triggered Execution: Image File Execution Options Injection

      Writes a Debugger value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\<program>; Windows then launches that value instead of the named program and passes it the original command line.

    • Checks computer location settings

      Reads the country code configured under Control Panel\International\Geo\Nation in the registry, a likely geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

      Rewrites the default value of exefile\shell\open\command (normally "%1" %*) so that launching any .exe goes through the malware first; this re-launches it on every program start even if the Run key is removed.

    • Adds Run key to start application

      Writes a value under Software\Microsoft\Windows\CurrentVersion\Run so the program is started at logon.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the open-source UPX packer; modified builds often rename the UPX0/UPX1 sections or strip the "UPX!" marker, so the section layout itself is the more durable indicator.
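
The registry-based behaviours above (WinLogon, the Explorer visibility settings, System Restore, IFEO, the Run key and the exefile association) are all value writes, so they can be checked in endpoint Sysmon telemetry. The following is an added example, not the sandbox's own signature code: it runs those checks over constructed Sysmon Event ID 13 records. The image path, the dropped name drvcfg.exe, the SID and the Details strings are made up for the example. The Geo\Nation country lookup is a registry read, which Event ID 13 does not record, so it is not covered here.

```python
r"""Triage of Sysmon Event ID 13 (RegistryEvent: value set) records against
the persistence and defence-evasion signatures in this report.
Added example, not sandbox code.  All records below are constructed."""
import re

MAL = r"C:\Users\victim\AppData\Local\Temp\upd.exe"     # constructed sample path
DROP = r"C:\Windows\System32\drvcfg.exe"                 # hypothetical dropped file
HKU = r"HKU\S-1-5-21-1-2-3-1001"                         # constructed user SID
ADV = HKU + r"\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"


def ev(image, target, details):
    """Build one pipe-separated Event ID 13 record (constructed format)."""
    return f"EventID=13|Image={image}|TargetObject={target}|Details={details}"


SAMPLE_EVENTS = [
    ev(MAL, r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell",
       "explorer.exe," + DROP),
    ev(MAL, ADV + r"\HideFileExt", "DWORD (0x00000001)"),
    ev(MAL, ADV + r"\ShowSuperHidden", "DWORD (0x00000000)"),
    ev(MAL, r"HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableSR",
       "DWORD (0x00000001)"),
    ev(MAL, r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
            r"\Image File Execution Options\taskmgr.exe\Debugger", DROP),
    ev(MAL, HKU + r"\Software\Microsoft\Windows\CurrentVersion\Run\drvcfg", DROP),
    ev(MAL, r"HKLM\SOFTWARE\Classes\exefile\shell\open\command\(Default)",
       DROP + ' "%1" %*'),
    # Benign control: Explorer itself restoring the default (extensions shown).
    ev(r"C:\Windows\explorer.exe", ADV + r"\HideFileExt", "DWORD (0x00000000)"),
]


def _dword(details):
    """Sysmon renders DWORD values as 'DWORD (0x00000001)'; return the int or None."""
    m = re.fullmatch(r"DWORD \(0x([0-9A-Fa-f]{8})\)", details.strip())
    return int(m.group(1), 16) if m else None


WINLOGON_DEFAULTS = {"explorer.exe", r"c:\windows\system32\userinit.exe,"}

# (signature name as used in the report, TargetObject pattern, predicate on Details)
RULES = [
    ("Modifies WinLogon for persistence",
     r"\\Windows NT\\CurrentVersion\\Winlogon\\(Shell|Userinit)$",
     lambda d: d.strip().lower() not in WINLOGON_DEFAULTS),
    ("Modifies visibility of file extensions in Explorer",
     r"\\Explorer\\Advanced\\HideFileExt$", lambda d: _dword(d) == 1),
    ("Modifies visibility of hidden/system files in Explorer",
     r"\\Explorer\\Advanced\\Hidden$", lambda d: _dword(d) == 2),
    ("Modifies visibility of hidden/system files in Explorer",
     r"\\Explorer\\Advanced\\ShowSuperHidden$", lambda d: _dword(d) == 0),
    ("Disables use of System Restore points",
     r"\\Windows NT\\SystemRestore\\(DisableSR|DisableConfig)$", lambda d: _dword(d) == 1),
    ("Event Triggered Execution: Image File Execution Options Injection",
     r"\\Image File Execution Options\\[^\\]+\\Debugger$", lambda d: True),
    ("Adds Run key to start application",
     r"\\Windows\\CurrentVersion\\Run\\[^\\]+$", lambda d: True),
    ("Modifies system executable filetype association",
     r"\\exefile\\shell\\open\\command\\\(Default\)$", lambda d: d.strip() != '"%1" %*'),
]


def parse_event(line):
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key] = value
    return fields


def triage(lines):
    """Return (signature, image, target) for every record that matches a rule."""
    hits = []
    for line in lines:
        rec = parse_event(line)
        if rec.get("EventID") != "13":
            continue
        target, details = rec.get("TargetObject", ""), rec.get("Details", "")
        for name, pattern, predicate in RULES:
            if re.search(pattern, target, re.IGNORECASE) and predicate(details):
                hits.append((name, rec.get("Image", ""), target))
                break
    return hits


def signatures(lines):
    """Distinct signature names fired by the records."""
    return sorted({h[0] for h in triage(lines)})


if __name__ == "__main__":
    for name, image, target in triage(SAMPLE_EVENTS):
        print(f"{name}\n    {image} -> {target}")
```

The predicates matter as much as the key paths: Explorer writes HideFileExt and Hidden itself when a user changes a folder option, so a rule that fires on any write to those values will be noisy. Checking the written value (1 for HideFileExt, 2 for Hidden, 0 for ShowSuperHidden) and the non-default Winlogon and exefile strings keeps the benign control record out of the hit list.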

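The UPX signature is a static check and can be reproduced from the PE section table. The following added example (not sandbox code) parses the section table with the standard library only and reports three indicators: UPX-named sections, the "UPX!" marker, and the empty-first-section layout that survives a renamed, modified build. The three PE images it runs on are constructed in memory for the example; they are not bytes from the sample on this page.

```python
"""Static check for the "UPX packed file" signature from the PE section
table.  Added example, not sandbox code; the PE images at the bottom are
constructed headers plus a few payload bytes so the check runs offline."""
import struct


def parse_sections(data):
    """Return (AddressOfEntryPoint, [(name, vaddr, vsize, raw_ptr, raw_size), ...])."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    n_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    entry = struct.unpack_from("<I", data, opt + 16)[0]   # same offset in PE32 and PE32+
    table = opt + opt_size
    sections = []
    for i in range(n_sections):
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append((name, vaddr, vsize, raw_ptr, raw_size))
    return entry, sections


def upx_indicators(data):
    """List the UPX indicators present; an empty list means none were found."""
    entry, sections = parse_sections(data)
    found = []
    if any(s[0].startswith("UPX") for s in sections):
        found.append("UPX0/UPX1 section names")
    if b"UPX!" in data:
        found.append("UPX! magic in packed header")
    # Layout heuristic that survives renamed sections and a stripped magic
    # ("modified UPX"): the first section is empty on disk but large in
    # memory (the unpack destination) and the entry point lies in the
    # second section (the decompression stub).
    if len(sections) >= 2:
        first, second = sections[0], sections[1]
        ep_in_second = second[1] <= entry < second[1] + max(second[2], second[4])
        if first[4] == 0 and first[2] > 0 and ep_in_second:
            found.append("empty first section, entry point in second section")
    return found


def is_upx_packed(data):
    return bool(upx_indicators(data))


def build_pe(sections, entry_rva, payload=b""):
    """Assemble a minimal PE32 file: DOS header, PE signature, COFF header,
    224-byte optional header, section table, raw data from offset 0x200."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)            # e_lfanew at 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                            # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)
    table = b"".join(
        name.encode().ljust(8, b"\0")
        + struct.pack("<IIII", vsize, vaddr, raw_size, raw_ptr) + b"\0" * 16
        for name, vaddr, vsize, raw_ptr, raw_size in sections)
    return (dos + b"PE\0\0" + coff + bytes(opt) + table).ljust(0x200, b"\0") + payload


# Constructed images.  UPX layout: UPX0 has no raw data, UPX1 holds the
# compressed image and the stub, and the entry point is inside UPX1.
UPX_LAYOUT = [("UPX0", 0x1000, 0x20000, 0x200, 0),
              ("UPX1", 0x21000, 0x8000, 0x200, 0x40),
              (".rsrc", 0x29000, 0x1000, 0x240, 0x20)]
UPX_ENTRY = 0x28A60
SAMPLE_UPX = build_pe(UPX_LAYOUT, UPX_ENTRY, b"UPX!" + b"\0" * 60)
# Same layout with the sections renamed and the magic removed ("modified UPX").
SAMPLE_MODIFIED = build_pe(
    [(n,) + s[1:] for n, s in zip((".text", ".data", ".rsrc"), UPX_LAYOUT)],
    UPX_ENTRY, b"\0" * 64)
# Ordinary linker output: code in the first section, which has raw data.
SAMPLE_PLAIN = build_pe([(".text", 0x1000, 0x5000, 0x200, 0x5000),
                         (".data", 0x6000, 0x1000, 0x5200, 0x200),
                         (".rsrc", 0x7000, 0x800, 0x5400, 0x800)], 0x1100, b"\0" * 64)

if __name__ == "__main__":
    for label, img in (("upx", SAMPLE_UPX), ("modified", SAMPLE_MODIFIED), ("plain", SAMPLE_PLAIN)):
        print(label, is_upx_packed(img), upx_indicators(img))
```

Against a real file, read it with open(path, "rb").read() and pass the bytes to upx_indicators. A hit on the layout heuristic alone (as for SAMPLE_MODIFIED) is what a modified UPX build looks like, and it is the cue to try unpacking manually rather than with upx -d, which refuses files whose header it cannot validate.
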
MITRE ATT&CK Enterprise v15

Tasks