General

  • Target

    New WinRAR ZIP archive.zip

  • Size

    358KB

  • Sample

    241112-pzptla1rhy

  • MD5

    87154d9468b7992fa2fee144767dd4f5

  • SHA1

    fa0b67d0dbcf60ecbfa2fe12e5eeff29da38c8b4

  • SHA256

    5d52f255f8ee67dd5523ad09dd47357f4eed802894f88fef9ea2aee894f42729

  • SHA512

    325b16ec1119783fb39fe81e742f45602116d7efe96e30d146216e176693dd42235bd2d52a885dacc8c4aaa816f05e9cae90d15b56ca7ac539d9ada60afffd1e

  • SSDEEP

    6144:F4DJMdFS831h5Y4DJuigu/1+1n8DBiTFrYQD2VIyfHSrY5rZHO932dPval6J8j:FmJMnS41h5YmJ1gG1aUBc5rYI2HBr6Y2

Malware Config

Targets

    • Target

      New WinRAR ZIP archive.zip

    • Size

      358KB

    • MD5

      87154d9468b7992fa2fee144767dd4f5

    • SHA1

      fa0b67d0dbcf60ecbfa2fe12e5eeff29da38c8b4

    • SHA256

      5d52f255f8ee67dd5523ad09dd47357f4eed802894f88fef9ea2aee894f42729

    • SHA512

      325b16ec1119783fb39fe81e742f45602116d7efe96e30d146216e176693dd42235bd2d52a885dacc8c4aaa816f05e9cae90d15b56ca7ac539d9ada60afffd1e

    • SSDEEP

      6144:F4DJMdFS831h5Y4DJuigu/1+1n8DBiTFrYQD2VIyfHSrY5rZHO932dPval6J8j:FmJMnS41h5YmJ1gG1aUBc5rYI2HBr6Y2

    • Modifies visibility of hidden/system files in Explorer

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Executes dropped EXE

    • Adds Run key to start application

    • Drops file in System32 directory

    • Target

      driver.sys

    • Size

      17KB

    • MD5

      8a17adcd8f3e544036dfdc25f2644922

    • SHA1

      e03eec0ff44bb5ab27ab50acf71a89e0f15f90ad

    • SHA256

      50bea91dfaff8335d4032c6a379dca922ddebaddcfde2f72b15d3a6dc2ff4e5a

    • SHA512

      051efc8eaf2650b76a523a737a6726e44da45b384f1103086c29e1fde337d03e479410a08af846eb86314ba4804b7e09292f2c163bac770e1f07edf74edab7ef

    • SSDEEP

      384:4e+AhSmf5h5VkR8Eb2Wb/wfT3iEx7bLDUjh0+:4e+AwmMi3iUbLDUjhT

    • Score

      1/10
    • Target

      map.exe

    • Size

      315KB

    • MD5

      220d7af996c0bca571e964abe098aa91

    • SHA1

      44bfdb294e8d09f881fd39a7313cd94dde977262

    • SHA256

      e5a30ea9c9efd2d81d51f4778f2e904eb3fda2736c0028ec97d8b5d5d35548c9

    • SHA512

      18af8556c1e6254a4f7cd87959203d8249a5f0dc16b73093eefc7f7ced0442738adc1e55a062aeee4cb5edd416e0aa05e101800a741afddb57a6e94ac1eefd76

    • SSDEEP

      6144:UsLqdufVUNDa9dOQr1M7rU1a/NxEb52b/:PFUNDa9d71sU6o+

    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Target

      um.exe

    • Size

      574KB

    • MD5

      57447960fde2e17e64739a0a4853aeca

    • SHA1

      5c76fea05c81439f3ba79e42e6c8e6d808936793

    • SHA256

      2bf2e09ccb1066a6d20f19f961efa7fd64c2cdb607d319fb7b5f82323dde5183

    • SHA512

      dc22312839255e27ff54d43befbbdd26eacc2ec3890cda70d2651f8b02a81b4d497a0ba0c1e3bbde5793640bd74421f13b3e773b021ad57950a0d22d680075ba

    • SSDEEP

      6144:UsLqdufVUNDaA5Cwa69QWJpUg6CapvHE99+60gK/kRteG7yVnknxeKCAgwM8zE5D:PFUNDaNtdkKk7Ckn4p1FPci

    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory
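The signatures above (Explorer hidden/system-file setting changed, Run key added, service image path set, files dropped in System32 and System32\drivers, dropped EXE executed) are the artefacts a responder would look for on a host suspected of running this sample. The following host-triage script is an added example, not part of the sandbox report or of any tooling the report references. It sweeps those locations and checks every file it finds against the SHA256 values listed in the report. Assumptions not taken from the report: it is run in an elevated PowerShell on the suspect host, the seven-day lookback window ($Since) is a guess, and the names driver.sys, map.exe and um.exe are only the names the sandbox saw, so hashes, not names, decide a match.

```powershell
# Added host-triage script (example, not from the report). Hunts for the behaviours the sandbox
# flagged and hashes candidate files against the report's SHA256 list.
# Assumptions: elevated PowerShell on the suspect host; $Since is a guessed lookback window;
# the file names below are the sandbox's names only, hashes are the authority for a match.

$Since = (Get-Date).AddDays(-7)

# SHA256 values copied from the report, keyed to the file the sandbox saw them as.
$ReportSha256 = @{
    '5d52f255f8ee67dd5523ad09dd47357f4eed802894f88fef9ea2aee894f42729' = 'New WinRAR ZIP archive.zip'
    '50bea91dfaff8335d4032c6a379dca922ddebaddcfde2f72b15d3a6dc2ff4e5a' = 'driver.sys'
    'e5a30ea9c9efd2d81d51f4778f2e904eb3fda2736c0028ec97d8b5d5d35548c9' = 'map.exe'
    '2bf2e09ccb1066a6d20f19f961efa7fd64c2cdb607d319fb7b5f82323dde5183' = 'um.exe'
}
$ReportNames = @('driver.sys', 'map.exe', 'um.exe')

# Returns the report's name for a file whose SHA256 matches, or $null.
function Get-ReportMatch {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $null }
    $h = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLower()
    if ($ReportSha256.ContainsKey($h)) { return $ReportSha256[$h] }
    return $null
}

# Normalises the forms a service ImagePath value can take into a plain Win32 path.
function Resolve-ImagePath {
    param([string]$ImagePath)
    $p = $ImagePath.Trim().Trim('"')
    if ($p -match '^\\\?\?\\(.+)$')       { return $Matches[1] }                                  # \??\C:\...
    if ($p -match '^\\SystemRoot\\(.+)$') { return Join-Path $env:SystemRoot $Matches[1] }        # \SystemRoot\System32\...
    if ($p -match '^System32\\(.+)$')     { return Join-Path $env:SystemRoot "System32\$($Matches[1])" }  # relative form
    return [Environment]::ExpandEnvironmentVariables($p)
}

$System32   = Join-Path $env:SystemRoot 'System32'
$DriversDir = Join-Path $System32 'drivers'

# 1. "Modifies visibility of hidden/system files in Explorer": Hidden=2 hides hidden files,
#    ShowSuperHidden=0 hides protected OS files, which is how a drop in System32 stays out of sight.
Write-Host '== Explorer hidden/system file settings =='
Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' -ErrorAction SilentlyContinue |
    Select-Object Hidden, ShowSuperHidden, HideFileExt | Format-List

# 2. "Adds Run key to start application": every Run/RunOnce value, with the launched binary hashed.
Write-Host '== Run / RunOnce values =='
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $RunKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $props) { continue }
    foreach ($prop in $props.PSObject.Properties) {
        if ($prop.Name -match '^PS') { continue }            # skip PSPath, PSParentPath, ...
        $cmd = [string]$prop.Value
        $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split ' ')[0] }
        [pscustomobject]@{
            Key = $key; Name = $prop.Name; Command = $cmd
            ReportMatch = Get-ReportMatch ([Environment]::ExpandEnvironmentVariables($exe))
        }
    }
}

# 3. "Sets service image path in registry" + "Drops file in Drivers directory": services whose image
#    lives under System32\drivers and was written inside the window, carries a report name, or hash-matches.
Write-Host "== Services with an image under $DriversDir =="
Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue | ForEach-Object {
    $svc = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue
    if (-not $svc -or -not $svc.ImagePath) { return }
    $img = Resolve-ImagePath $svc.ImagePath
    if ($img -notlike "$DriversDir\*" -or -not (Test-Path -LiteralPath $img -PathType Leaf)) { return }
    $file  = Get-Item -LiteralPath $img
    $match = Get-ReportMatch $img
    if ($file.LastWriteTime -gt $Since -or $match -or $file.Name -in $ReportNames) {
        [pscustomobject]@{ Service = $_.PSChildName; ImagePath = $svc.ImagePath; Written = $file.LastWriteTime; ReportMatch = $match }
    }
}

# 4. "Drops file in System32 directory" / "Executes dropped EXE" / "Loads dropped DLL": recently
#    written or report-named PE files in System32 and System32\drivers, hashed against the report.
Write-Host "== Recent or report-named PE files in $System32 and $DriversDir =="
Get-ChildItem -LiteralPath $System32, $DriversDir -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in '.exe', '.dll', '.sys' -and ($_.LastWriteTime -gt $Since -or $_.Name -in $ReportNames) } |
    ForEach-Object {
        [pscustomobject]@{ Path = $_.FullName; Written = $_.LastWriteTime; ReportMatch = Get-ReportMatch $_.FullName }
    }
```

A non-empty ReportMatch column is a confirmed hit on one of the report's hashes; a Run value or driver service pointing at a recently written file with an empty ReportMatch still deserves a look, since the signatures describe behaviour, not fixed file names, and a rebuilt sample would carry different hashes. The SSDEEP values in the report are the tool for that second case: fuzzy-hash the suspect file and compare it to the report's SSDEEP strings.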

MITRE ATT&CK Enterprise v15

Tasks