General

  • Target

    2.0.rar

  • Size

    477KB

  • Sample

    241120-qs9qvsxndw

  • MD5

    20928a801cf74fa9f9e8ef76d3211109

  • SHA1

    0d1b1815a441763c7732f237ea334e3dfbc20093

  • SHA256

    2181199b28b86022e3f975a3cec5d0f56fc13cb6385627e4a288063ce0b9b433

  • SHA512

    10ee8f796187459f87c6218f457d9c94d73b5f31750d8fdc5278d1ad27ad980fc9ca82162d111deb848ed11e7aa071ac6e9937afdf115d156462aefbe8f50ad8

  • SSDEEP

    12288:wzs7p+jqPhwVO2KcMULjkUIHv7iDFasELvHyC3KTs:0Sp+jqP6ISMULjoW5wygIs

Targets

    • Target

      1d871d84ee02630558411e47c81ef2aa8bef8f6cd8daaf594f133f545f772c26.exe

    • Size

      824KB

    • MD5

      7d17a868abac9de81fe79087eee31471

    • SHA1

      2d3f58ea051db43964243b8aefb7279e45e7bda9

    • SHA256

      1d871d84ee02630558411e47c81ef2aa8bef8f6cd8daaf594f133f545f772c26

    • SHA512

      85ec6c3cf0908b306712041fc9d971d27349641245c29f126e01443dcc6ccd78530c789b15d345938c194009c890b42f7c95bc65deae1ef7372e5744651f9540

    • SSDEEP

      24576:ntfYkVVmFFFKvvvvvvvvvvvvvvvvms4AkVVmFFFKvvvvvvvvvvvvvvvvms4n:n+vnAvn

    • Modifies WinLogon for persistence

    • Disables Task Manager via registry modification

    • Drops desktop.ini file(s)

    • Sets desktop wallpaper using registry

    • Target

      9aaeb479b6bb61b97d6843d8681229ec1873acd0b488d575d71956c8d1ad1b02.exe

    • Size

      500KB

    • MD5

      c8c3a98c2916e96f5b8f07aeeb740066

    • SHA1

      c4920da5ce4f8912186dca18404ce7a9327c8dab

    • SHA256

      9aaeb479b6bb61b97d6843d8681229ec1873acd0b488d575d71956c8d1ad1b02

    • SHA512

      17bbde312e5fdbcc2766c5f0d5895dab72439844b8b2f89e4e3207a1c9396c8254ad0f2ce47ddb4c8081e9aabb9a61aa982babe47adfa0ba3e456c38d338e1e2

    • SSDEEP

      12288:+uRvXH+lNAFAvcE4vIKvQDsORs0hqK4vF:+gfelySvcE4vIKvUTRsRK8F

    • Modifies WinLogon for persistence

    • Disables Task Manager via registry modification

    • Drops desktop.ini file(s)

    • Sets desktop wallpaper using registry
