General

  • Target

    loader.zip

  • Size

    335.5MB

  • Sample

    250120-tsszwsxrfk

  • MD5

    d674550c79874b4e698108e78c0972e6

  • SHA1

    d24e0f7df1d8a9ed049901caaa56a16c7840ae68

  • SHA256

    b422869f2bfe5b0f322c4c9cab65c53de742e846202bd8854f2c74a869aed1ec

  • SHA512

    dcb54866591e844a89b9ff1a7fdac3d070bcfbc0069c58361615a5e9c30a64d75594812cf936d2b04c4b43e1b5ab70a42077ce6acad8ea3e9edde66445596dbf

  • SSDEEP

    6291456:jJo+nU4FBOF1N32GNW6n9KPlgB7w6BviYOtFxuLbTLoRrwDS2FATO:Voy7a1N32GNMPmBEYEbu8rwHFAa

Malware Config

Targets

    • Drops file in Drivers directory

    • Possible privilege escalation attempt

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Checks installed software on the system

      Reads subkeys of the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its Wow6432Node twin and the HKCU equivalent) to enumerate the software installed on the system.

    • File and Directory Permissions Modification: Windows File and Directory Permissions Modification (ATT&CK T1222.001)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
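The signatures above are what a sandbox derives by correlating events from the sample's process tree rather than from any single event. The script below is an added example, not part of this report and not the sandbox's own code: it replays a small set of constructed events (invented here, not taken from loader.zip) and raises the same signature names, showing in particular why "Executes dropped EXE" and "Loads dropped DLL" need state (the set of paths the sample wrote earlier) and why events from processes outside the sample's tree must be ignored. The IP-lookup host list and the icacls/cacls/takeown command patterns are assumptions; the report names neither the service nor the mechanism used.

```python
"""Added triage helper (not from the report): replays constructed sandbox-style
events and raises the behavioural signatures listed in the report."""
import ntpath
import re

DRIVERS_DIR = r"c:\windows\system32\drivers"
UNINSTALL_KEY = r"software\microsoft\windows\currentversion\uninstall"
# Assumed list of IP-lookup hosts; the report does not say which service was used.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ifconfig.me", "icanhazip.com", "ipinfo.io"}
# Assumed command-line indicators of DACL/ownership changes.
PERM_CMDS = re.compile(r"\b(icacls|cacls|takeown)\b", re.IGNORECASE)

# Constructed sample events (not taken from loader.zip): one dict per event.
SAMPLE_EVENTS = [
    {"ev": "file_write", "pid": 100, "path": r"C:\Users\u\AppData\Local\Temp\drop.exe"},
    {"ev": "file_write", "pid": 100, "path": r"C:\Users\u\AppData\Local\Temp\helper.dll"},
    {"ev": "file_write", "pid": 100, "path": r"C:\Windows\System32\drivers\x.sys"},
    {"ev": "proc_create", "pid": 200, "ppid": 100,
     "image": r"C:\Users\u\AppData\Local\Temp\drop.exe",
     "cmdline": r"C:\Users\u\AppData\Local\Temp\drop.exe"},
    {"ev": "image_load", "pid": 200, "image": r"C:\Users\u\AppData\Local\Temp\helper.dll"},
    {"ev": "proc_create", "pid": 201, "ppid": 200,
     "image": r"C:\Windows\System32\icacls.exe",
     "cmdline": r'icacls "C:\Windows\System32\drivers\x.sys" /grant Everyone:F'},
    {"ev": "reg_query", "pid": 200,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Foo"},
    {"ev": "http", "pid": 200, "host": "api.ipify.org",
     "url": "https://api.ipify.org/?format=text"},
    # Unrelated process outside the sample tree: must not contribute.
    {"ev": "http", "pid": 999, "host": "ifconfig.me", "url": "https://ifconfig.me/ip"},
]


def norm(path):
    """Case-fold a Windows path so dropped-file lookups are stable."""
    return path.lower()


def triage(events, root_pid):
    """Return (signature names triggered, dropped-file paths) for one sample.

    Dropped files are paths written by any process in the sample's tree; a later
    proc_create or image_load of such a path yields 'Executes dropped EXE' or
    'Loads dropped DLL'. Processes are attached to the tree by parent pid.
    """
    tree = {root_pid}
    dropped = set()
    hits = set()
    for e in events:
        pid = e["pid"]
        if e["ev"] == "proc_create" and e.get("ppid") in tree:
            tree.add(pid)  # child of the sample joins the process tree
        if pid not in tree:
            continue  # ignore activity of unrelated processes
        if e["ev"] == "file_write":
            path = norm(e["path"])
            dropped.add(path)
            if ntpath.dirname(path) == DRIVERS_DIR:
                hits.add("Drops file in Drivers directory")
        elif e["ev"] == "proc_create":
            image = norm(e["image"])
            if image in dropped and image.endswith(".exe"):
                hits.add("Executes dropped EXE")
            if PERM_CMDS.search(e.get("cmdline", "")):
                hits.add("Modifies file permissions")
        elif e["ev"] == "image_load":
            image = norm(e["image"])
            if image in dropped and image.endswith(".dll"):
                hits.add("Loads dropped DLL")
        elif e["ev"] == "reg_query":
            if UNINSTALL_KEY in e["key"].lower():
                hits.add("Checks installed software on the system")
        elif e["ev"] == "http":
            if e["host"].lower() in IP_LOOKUP_HOSTS:
                hits.add("Looks up external IP address via web service")
    return hits, dropped


if __name__ == "__main__":
    sigs, files = triage(SAMPLE_EVENTS, root_pid=100)
    for s in sorted(sigs):
        print("*", s)
    print("dropped:", sorted(files))
```

Because the tree is built from parent pids as events arrive, a process must be created by the sample before its activity counts; an unrelated process hitting an IP-lookup service (pid 999 above) is correctly ignored, which is also why a real sandbox attributes behaviour per sample rather than per host.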

MITRE ATT&CK Enterprise v15

Tasks