General

  • Target

    sub-systems.docx

  • Size

    103KB

  • Sample

    241112-wdcepsxhjf

  • MD5

    a2afa98aa63e972f1c887c3f2b755103

  • SHA1

    e97d7164281b8ecbdfd0a5941534ef75784dd5ed

  • SHA256

    871b6e74118ee6c7b85a5ea0a14db672253b3710e6f5610245403ee7551c0b17

  • SHA512

    61f813105269d126bf88eeccbcdb04635dece2e99ef6a04245fc6fe50614e7fce4bc79cf161c9b14cc5c6a4a23c3110b6a7f7e9c3605dd9afce729e18e092301

  • SSDEEP

    3072:LEgK1wYWM6oWJRBiMbvlki5eW8gzuFm+Aezsp+Uh:/K1rJkvrqgz8IeALh

Targets

    • Target

      sub-systems.docx

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Detected potential entity reuse from brand STEAM.
