General

  • Target

    a1eb07454ea5adab102dea131a43042b47ab37320077a33c28988f40a7e23d4e

  • Size

    46KB

  • Sample

    200121-p3fehv18v6

  • MD5

    91a8a49c123faff51b1052519bacd4fa

  • SHA1

    7c1bf5bfcf3b0cfcae7d2eff93b57a0e1432db50

  • SHA256

    a1eb07454ea5adab102dea131a43042b47ab37320077a33c28988f40a7e23d4e

  • SHA512

    b4e4716ade6cdcd1276db1ec35e5901944e1b7df09c7a36815291bee7b3c218943b1b9a19595483d7bba931994e9d397d2e4954e0382bd48b842bd85ade1cae0

Malware Config

Targets

    • Process spawned unexpected child process

    • Executes dropped EXE

    • Checks whether UAC is enabled

    • Drops autorun.inf file

    • Sets desktop wallpaper using registry

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique                             Count  ID
  Initial Access     Replication Through Removable Media   1      T1091
  Defense Evasion    Modify Registry                       2      T1112
  Discovery          System Information Discovery          3      T1082
  Discovery          Query Registry                        2      T1012
  Lateral Movement   Replication Through Removable Media   1      T1091
  Impact             Defacement                            1      T1491

Tasks