General

  • Target

    NotaVirus.exe

  • Size

    415KB

  • Sample

    241112-sh6bssykdm

  • MD5

    e4a2f8bfa86f024070ff17fc9e457a81

  • SHA1

    ddf559377f285a57fc636d38162e703777581351

  • SHA256

    eff68c4a053fbaf022ba54d063c8f499cdf34de90eaa4b416fc7f2ebd4f9b512

  • SHA512

    d56eb80152c48f98a7d7d768d1c74be50486a62a0657daeafae76bc86238aaad8fc8234910c7cf875b5950423f839776b7312e69ad2dcf19ff677f52aa828208

  • SSDEEP

    6144:dhuGbXZA2zNMPMPwVtiN44zAi5NAOig3TBrCZMszqLi7ksvmacmWnZWe:3uypA2hESwGRwg3TBPi7BvmZmwZD

Malware Config

Targets

    • Target

      NotaVirus.exe

    • Blocklisted process makes network request

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Downloads MZ/PE file

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops file in System32 directory

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks