General

  • Target

    DALL·E 2024-12-30 14.35.51 - A sleek and futuristic desktop wallpaper resembling the style of Windows, designed for Windows 12. It features a clean and minimalist look with soft g.png

  • Size

    391KB

  • Sample

    250105-aansnstqaw

  • MD5

    3cbb073d555dbd7fde76107f9af87aeb

  • SHA1

    d520e59e84367a7e6504eb99851dac7102a0be38

  • SHA256

    5325075704f683c8c0db6328f92f18a56c5cc377858eda0bd6595cd6644a21fc

  • SHA512

    290824727a98f8b81b935aa759bdc72641cf063e3855a1eb015ef4c817a39a67d71adcd1a87b372c66bd79744460832bfcbedff0c50b7e89509f46ccf75147e8

  • SSDEEP

    6144:faLXVPQs01/mT9ge5bGX3e5N9H6f10CY9cZI0HjRVLfwnTkOG7uaKA:faLNQs01/mT1bG+5NFgCiLfF
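
The file name above ends in .png, but the signatures further down (Agile.Net obfuscation, executes dropped EXE) are what one sees for a .NET PE, so the first thing to do with a local copy is to confirm it is the same bytes the report describes and to classify it by content rather than by extension. The script below is an added example written for this page, not part of the Triage report or any Triage tooling: it recomputes the four report hashes, compares them with the values listed above, and checks the leading bytes for a PNG or PE header (following e_lfanew to the "PE\0\0" signature). The two sample byte strings it contains are constructed for the demonstration; SSDEEP is omitted because it needs the third-party ssdeep library.

```python
"""Verify a downloaded sample against a sandbox report and classify it by magic bytes.

Added example for this report page; not Triage code. Run with a file path as the only
argument, or with no arguments to exercise the constructed samples below.
"""
import hashlib
import sys

# Hash values exactly as listed in the report's General section.
REPORTED_HASHES = {
    "md5": "3cbb073d555dbd7fde76107f9af87aeb",
    "sha1": "d520e59e84367a7e6504eb99851dac7102a0be38",
    "sha256": "5325075704f683c8c0db6328f92f18a56c5cc377858eda0bd6595cd6644a21fc",
    "sha512": "290824727a98f8b81b935aa759bdc72641cf063e3855a1eb015ef4c817a39a67d71adcd1a87b372c66bd79744460832bfcbedff0c50b7e89509f46ccf75147e8",
}

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"

# Constructed samples (not the real file): a minimal DOS/PE header pair and a PNG prefix.
FAKE_PE = b"MZ" + b"\x00" * 0x3A + (0x40).to_bytes(4, "little") + b"PE\x00\x00" + b"\x00" * 20
FAKE_PNG = PNG_MAGIC + b"\x00\x00\x00\x0dIHDR"


def compute_hashes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests for the given bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORTED_HASHES}


def verify_hashes(data: bytes, expected: dict = REPORTED_HASHES) -> dict:
    """Per-algorithm match flags against the report; all must be True for the same file."""
    actual = compute_hashes(data)
    return {name: actual[name] == value.lower() for name, value in expected.items()}


def is_pe(data: bytes) -> bool:
    """True if data starts with an MZ header whose e_lfanew points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def detect_type(data: bytes) -> str:
    """Classify by content only: 'png', 'pe', or 'unknown'."""
    if data.startswith(PNG_MAGIC):
        return "png"
    if is_pe(data):
        return "pe"
    return "unknown"


def extension_mismatch(filename: str, data: bytes) -> bool:
    """True when the extension claims one recognised type and the bytes show another."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    claimed = {"png": "png", "exe": "pe", "dll": "pe", "scr": "pe"}.get(ext, "unknown")
    actual = detect_type(data)
    return actual != "unknown" and claimed != "unknown" and actual != claimed


def triage(filename: str, data: bytes) -> dict:
    """Summary a practitioner wants before opening the sample anywhere but a sandbox."""
    matches = verify_hashes(data)
    return {
        "size": len(data),
        "type": detect_type(data),
        "extension_mismatch": extension_mismatch(filename, data),
        "matches_report": all(matches.values()),
        "hash_matches": matches,
    }


if __name__ == "__main__":
    if len(sys.argv) == 2:
        with open(sys.argv[1], "rb") as fh:
            print(triage(sys.argv[1], fh.read()))
    else:
        # Constructed demo: a PE disguised with a .png name, and a genuine PNG prefix.
        print(triage("wallpaper.png", FAKE_PE))
        print(triage("wallpaper.png", FAKE_PNG))
```

A mismatch between the claimed extension and the detected type is not proof of malice on its own, but together with an "Executes dropped EXE" signature it tells you the sample should be handled as an executable, and a single failed hash means you do not hold the file this report is about.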

Malware Config

Targets

    • Target

      DALL·E 2024-12-30 14.35.51 - A sleek and futuristic desktop wallpaper resembling the style of Windows, designed for Windows 12. It features a clean and minimalist look with soft g.png

    • UAC bypass

    • Downloads MZ/PE file

    • A potential corporate email address has been identified in the URL: 67C716D751E567F70A490D4C@AdobeOrg

      The 24-hex-digit@AdobeOrg form is an Adobe Experience Cloud organization ID, which appears in URLs generated by Adobe analytics and tag-management code, not a mailbox address. Treat this hit as a likely false positive unless the contacted host is otherwise tied to the sample.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks