General

  • Target

    tasks_199.vir

  • Size

    376KB

  • Sample

    200719-r8qqgkrwe6

  • MD5

    396e9651ad4114c7417f0b07baa74221

  • SHA1

    e0207d1077ffd7751b9e9303d3bac943a7d90559

  • SHA256

    cfdb94b364a42302e1801a4c792b6ce161162e14c2d262eb799cfcf074dafcd8

  • SHA512

    9da858c7e4825b17d15d69f7cb5c0c1d5c0d741c1179883b423b6caa31c650fb2aaceee635f6db17cfea4f5a4897966a845f3984be5cf78db271c84e2c51c9ce

Malware Config

Targets

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • JavaScript code in executable

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

    • Registry Run Keys / Startup Folder (T1060): 1

Defense Evasion

    • Modify Registry (T1112): 2

Discovery

    • System Information Discovery (T1082): 2

    • Query Registry (T1012): 1

Tasks