General

  • Target

    bytebreaker.cc Exploit_62892647.exe

  • Size

    5.7MB

  • Sample

    250704-nqerlassaz

  • MD5

    688165a01a09bf0a274df49a074ca7af

  • SHA1

    ba2e194e9bd592f11913b1bea3ca7c7be4521f5d

  • SHA256

    c7791778f6329f2ee70db33a77f9b33edac40e8c87e6e243405711361761a01f

  • SHA512

    a21202b6d596a7ac1a6286b9382ee91219d48ac38f715ab48dd8520cb30506f18778d4c68ef9ecc84f8c34b69983b89fb753ee908abfb518482a682fe4ed9f30

  • SSDEEP

    98304:wdbaAtnwYXQ14gGRaqkhakUkdFf0NLiivYKe9H2SnqVjDDd3/BrqNPJqDsdTSq8W:qbR8daaojnDhBrqNNow

Malware Config

Targets

    • Manipulates Digital Signatures

      Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

    • Downloads MZ/PE file

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Network Share Discovery

      Attempts to gather information on the host network.

    • Password Policy Discovery

      Attempts to access detailed information about the password policy used within an enterprise network.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks