General

  • Target

    LosslessScaling.exe

  • Size

    964KB

  • Sample

    241117-af9bka1ken

  • MD5

    14e7f07fc2edea093c10884496a545df

  • SHA1

    19d4fd25e155686512fe478b27bb74266c1dc2d5

  • SHA256

    53ceb0f5acd80d1aa643781e46dbd3da47a80e2f86d2519c362a4175154be2af

  • SHA512

    89b3bba013df9f4ab9aaa4633bbca9f39d2772db98101fe38c3ed4110e45cbfc39bc8f17ef88e334f4f317a9624d06727d5eb85f9f51a2be9097d145165353d1

  • SSDEEP

    12288:VjolzEDS4MCLSyf6mOuGyW38yHJc+CKtOaO5Z7WhaGwnzE4ZbuRCwmhI2J+0sDJr:Vol6tMCLPf1Oi32OvzTo4ZiRlT/dHP

Malware Config

Targets

    • Target

      LosslessScaling.exe

    • Downloads MZ/PE file

    • A potential corporate email address has been identified in the URL: [email protected]

    • Checks computer location settings

      Reads the country/region code configured in the registry, most likely a geofence check used to decide whether to run on hosts in particular locales.

    • Executes dropped EXE

    • Loads dropped DLL

    • System Binary Proxy Execution: wuauclt

      Abuses wuauclt.exe, the signed Windows Update client, to proxy execution of malicious code (MITRE ATT&CK T1218). Because the host binary is a trusted Microsoft file, the malicious logic runs under its name rather than the sample's.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
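
The wuauclt proxy-execution behaviour flagged above is visible in process-creation telemetry. The Python below is an added example, not part of the sandbox report or of any tool it references: it scans constructed Sysmon-style process-creation events for wuauclt.exe invoked with `/UpdateDeploymentProvider <dll> /RunHandlerComServer` and flags a provider DLL other than the stock `UpdateDeploymentProvider.dll` or a parent other than `svchost.exe`. The expected DLL name, the expected parent and the sample events (including the ClassId GUID and the file paths) are assumptions made for the example, not values taken from this analysis.

```python
"""Flag wuauclt.exe proxy execution (ATT&CK T1218) in process-creation events.

Added example for this report, not sandbox or vendor code. The baseline values
(expected provider DLL, expected parent) are assumptions, not documented facts.
"""
import re
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class ProcEvent:
    """Minimal Sysmon event-ID-1 style record (image, command line, parent)."""
    image: str
    command_line: str
    parent_image: str


# Constructed sample events, not taken from the sandbox run:
#   0: benign-looking invocation by the update service host
#   1: sample launching wuauclt to load a DLL from a user-writable path
#   2: DLL dropped into System32 (cf. "Drops file in System32 directory")
#   3: unrelated process, must not match
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Windows\System32\wuauclt.exe",
              r'"C:\Windows\System32\wuauclt.exe" /UpdateDeploymentProvider '
              r'UpdateDeploymentProvider.dll /ClassId '
              r'00000000-0000-0000-0000-000000000000 /RunHandlerComServer',
              r"C:\Windows\System32\svchost.exe"),
    ProcEvent(r"C:\Windows\System32\wuauclt.exe",
              r'wuauclt.exe /UpdateDeploymentProvider C:\Users\Public\payload.dll '
              r'/RunHandlerComServer',
              r"C:\Users\user\Desktop\LosslessScaling.exe"),
    ProcEvent(r"C:\Windows\System32\wuauclt.exe",
              r'wuauclt.exe /UpdateDeploymentProvider '
              r'"C:\Windows\System32\helper.dll" /RunHandlerComServer',
              r"C:\Windows\System32\cmd.exe"),
    ProcEvent(r"C:\Windows\System32\cmd.exe", "cmd.exe /c dir",
              r"C:\Windows\explorer.exe"),
]

# Quoted or unquoted DLL argument following /UpdateDeploymentProvider.
PROVIDER_RE = re.compile(r'/UpdateDeploymentProvider\s+("([^"]+)"|(\S+))', re.IGNORECASE)
RUN_HANDLER_RE = re.compile(r"/RunHandlerComServer\b", re.IGNORECASE)

# Assumed baseline: the stock provider DLL name and the service host that
# normally spawns wuauclt. Anything else is reported as a reason.
EXPECTED_PROVIDER = "updatedeploymentprovider.dll"
EXPECTED_PARENT = "svchost.exe"


def basename(path: str) -> str:
    """Last path component, tolerating both separator styles."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def analyse(ev: ProcEvent) -> List[str]:
    """Return the reasons an event looks like wuauclt proxy execution (empty if none)."""
    reasons: List[str] = []
    if basename(ev.image).lower() != "wuauclt.exe":
        return reasons
    m = PROVIDER_RE.search(ev.command_line)
    if not m or not RUN_HANDLER_RE.search(ev.command_line):
        return reasons  # not the DLL-loading invocation form
    dll = m.group(2) or m.group(3)
    # Compare on the file name only: a DLL dropped into System32 is still
    # not the expected provider, so the directory alone must not whitelist it.
    if basename(dll).lower() != EXPECTED_PROVIDER:
        reasons.append(f"non-standard provider DLL: {dll}")
    if basename(ev.parent_image).lower() != EXPECTED_PARENT:
        reasons.append(f"unexpected parent process: {ev.parent_image}")
    return reasons


def scan(events: List[ProcEvent]) -> Dict[int, List[str]]:
    """Map event index -> reasons for every event that produced at least one reason."""
    return {i: r for i, ev in enumerate(events) if (r := analyse(ev))}


if __name__ == "__main__":
    for idx, reasons in scan(SAMPLE_EVENTS).items():
        print(f"event {idx}: {SAMPLE_EVENTS[idx].command_line}")
        for reason in reasons:
            print(f"    - {reason}")
```

The check deliberately keys on the DLL file name and the parent image rather than on the DLL's directory: this sample also drops files into System32, so a rule that trusts any provider path under System32 would miss exactly the case the report describes. Tune `EXPECTED_PARENT` against your own telemetry before deploying, since update orchestration differs between Windows builds.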

MITRE ATT&CK Enterprise v15
