General

  • Target

    31195.exe

  • Size

    3.1MB

  • Sample

    250121-dfh16aspep

  • MD5

    797a4c7fdccda03db763af03f52c116c

  • SHA1

    10e1d67db7c6f817d6a5e3ac923af5f92441bcd9

  • SHA256

    28d47f653cda2699e54ed54809af2587dd1de04df5cec184c0c5f9dc15bf26d7

  • SHA512

    5e4ea803325d97599627ac4f9f61d29964000987ac12852b052dbafb95448ab8a161dbee2630abe47a7b9d3e1bc9d732bf38b51ba6fd7981c1aa2bf6c0886121

  • SSDEEP

    98304:PxZznhCqdg33WJLX6TX9HzDaokj4R7Uld1ufXSs:PxlUQlzmX9HzODjW6d1ISs

Malware Config

Targets

    • Detected Nirsoft tools

      Free utilities, often used by attackers, that can steal passwords, product keys, etc.

    • Drops file in Drivers directory

    • Modifies Windows Firewall

    • Possible privilege escalation attempt

    • Server Software Component: Terminal Services DLL

    • Allows Network login with blank passwords

      Allows local user accounts with blank passwords to access device from the network.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Adds Run key to start application

    • Modifies WinLogon

    • Network Share Discovery

      Attempts to gather information on the host's network.

    • Drops file in System32 directory

    • Hide Artifacts: Hidden Users

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15
