General

  • Target

    9942fa46a96baad6479248bf0a7874a0b03afe35577527524dc10fcbd01e7e48

  • Size

    72KB

  • Sample

    200110-1s3n6rbyfe

  • MD5

    1d051a0f5165c47c90baa60c66cd8dc9

  • SHA1

    1e776e848abfcc4e7dd2221a6c6128c1649cc3e8

  • SHA256

    9942fa46a96baad6479248bf0a7874a0b03afe35577527524dc10fcbd01e7e48

  • SHA512

    0e73474b7ce8bec13cec5b73e6ea3286c8364751337ef5cf15caf0151fe93a8dd7efa40753b90dba7848860e0c85bf0d9cae5aed9b769b6c7722009d72d0b860

Malware Config

Targets

    • Deletes shadow copies

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion: File Deletion (T1107), 2

  • Discovery: Remote System Discovery (T1018), 1

  • Impact: Inhibit System Recovery (T1490), 2

Tasks