General

  • Target

    Skärmbild 2025-02-08 220846.jpg

  • Size

    17KB

  • Sample

    250519-yca7csyjx4

  • MD5

    c47a8921574fcf34049e4da841caef15

  • SHA1

    08e937b0dc69b9cf8c1ddabec5cc6f121c38fb5c

  • SHA256

    cf716d3a1115a428e22e715bf20f85c4ceafeb95bdf1013de20e4fef511e5b87

  • SHA512

    d03dfd04e54961f5cab61f5ddc13c2bd60c3c998ed98afeb03230145024403d253839f7b16fb7be3b494caff483b27d467baad31457077feb0b65e424b4b13e6

  • SSDEEP

    384:k5GsY517nL78ScGK8jhQol8nlISgx7OHRSMw2HKRmK9c+l5p7q/SWyLFrmF:k5+1T8ScGrjhQRS7KLdKRmKVDpeyMF

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Modifies Windows Defender DisableAntiSpyware settings

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Possible privilege escalation attempt

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Modifies file permissions

    • Modifies system executable filetype association

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

    • Enumerates processes with tasklist

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v16

Tasks