General

  • Target: .

  • Size: 236KB

  • Sample: 250519-tmd9js1lv8

  • MD5: ed6c8d48fa91d076bf298c5c3dcfe75a

  • SHA1: 5670e987c95b748e431bc968ef00167313656c66

  • SHA256: a8f9cfef0409d4e90f39bb82c4c3f97fb9c9c3c89d118daae9f7a59befd94b52

  • SHA512: d7d9f0008d9ed054e2732b912d317544e7d7aa9f8389859f4e0d2b6ca2b3a23c21bdee5503fd2b0cf59f5e08f398c9e0688d7ce6ad1a8194683a723bbcabc47a

  • SSDEEP: 3072:A7nmRZ4PIRp47lANAz81f9MFI2AwtN+6F/jmA:A7nmRZ0IRpLN8IUmA

Malware Config

Targets

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Sets desktop wallpaper using registry

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v16

Tasks