Resubmissions

02/05/2025, 13:35

250502-qvqe1a1tdz 8

General

  • Target: OIP.jpg
  • Size: 34KB
  • Sample: 250502-q5hg5scn3w
  • MD5: 9f352749515b33c53fd6dcdf9c08fa02
  • SHA1: 11c6b29d177f2262a53613aa6d995b96f6b58378
  • SHA256: 67b777e4fa23202de3c10f3788929b1fbbd92d9b0bc8bcf249bc34cf230f0c1f
  • SHA512: 58f91a251cb3c56a6190c8e4279f8e98c909b33214b935d0e58388a40ee281c82a736ad45b8186e8be360622d7d8aee954d82abd16f192d32ff2ad44427ef7db
  • SSDEEP: 768:zSYCMfFYFiijuob5LDe0fe1hM8PNqNCueShnw+DIzpXZC33mPo:zkM9YFiuuoNLq6SvkKS1IzpJCnB

Targets

    • Target: OIP.jpg

    • Disables Task Manager via registry modification

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Modifies WinLogon

    • Sets desktop wallpaper using registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v16
