General

  • Target

    42c3380a6e58ce41c087836f19c7fbbb298464e9e128f93132aa85b1da44a78eN.exe

  • Size

    211KB

  • Sample

    241117-q6pb3s1eph

  • MD5

    da29256e976a18c0b552ce0b8d5980d0

  • SHA1

    fd864a01bfd64074bfc11537e9b834082bd7f48e

  • SHA256

    42c3380a6e58ce41c087836f19c7fbbb298464e9e128f93132aa85b1da44a78e

  • SHA512

    c4983c0895478e5c254a41c2bf746da58ebae0f35d95cd76719327682795dd61951749ef7bae50c2da139195822d4023c15d54df92af17c1408e9c551795d55a

  • SSDEEP

    3072:WD6Xtx68yygRBE52mxkEOHLRMpZ4deth8PEAjAfIbAYGPhz6sPJBInxZqOGAAAAM:Wh8cBzHLRMpZ4d1ZZ

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Executes dropped EXE

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks