General

  • Target

    fish.png

  • Size

    230KB

  • Sample

    250515-nq735sfm4v

  • MD5

    ac0e4629aae9a22f1d9afc2103b62d03

  • SHA1

    02ea4886e9ae6022f844822d428564a630f0ff03

  • SHA256

    c8036ad2e998627d2ac3bd47464ec41a9c388e60a3836f0cdbefb20e24bb7060

  • SHA512

    d6b64e2191e18a10dfbf05dcd725ea8ede791adb266ab68ebb3dc2435235cfc29478dd936a421696eb74b326a2094cfa2d6eaa6afba7baf60bb86333d1961950

  • SSDEEP

    6144:CO5ubT4PxOl5bQaRfIOiHzSgzbU2bIwUH6:P5ubT45CfIVHzSLRwI6

Targets

    • Target

      fish.png

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Disables Task Manager via registry modification

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Sets desktop wallpaper using registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
