Resubmissions

03/05/2025, 08:09

250503-j2jsgaspv5 1

03/05/2025, 08:06

250503-jzm24szwh1 10

03/05/2025, 07:59

250503-jvv7xssps4 8

03/05/2025, 07:59

250503-jvj5nazwg1 1

General

  • Target

    OIP.jpg

  • Size

    34KB

  • Sample

    250503-jzm24szwh1

  • MD5

    9f352749515b33c53fd6dcdf9c08fa02

  • SHA1

    11c6b29d177f2262a53613aa6d995b96f6b58378

  • SHA256

    67b777e4fa23202de3c10f3788929b1fbbd92d9b0bc8bcf249bc34cf230f0c1f

  • SHA512

    58f91a251cb3c56a6190c8e4279f8e98c909b33214b935d0e58388a40ee281c82a736ad45b8186e8be360622d7d8aee954d82abd16f192d32ff2ad44427ef7db

  • SSDEEP

    768:zSYCMfFYFiijuob5LDe0fe1hM8PNqNCueShnw+DIzpXZC33mPo:zkM9YFiuuoNLq6SvkKS1IzpJCnB

Targets

    • Blocklisted process makes network request

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Possible privilege escalation attempt

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Impair Defenses: Safe Mode Boot

    • Modifies file permissions

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v16