mirrorblast | 0e6451e1f0eadb89390f4360e2a49a2ffb66e92e8b3ae75400095e75f4dd6abb | Triage

Submit
Reports

Overview

overview

Static

static

load.msi

windows7_x64

load.msi

windows10_x64

Sharing

General

Target

load.msi
Size

548KB
Sample

211004-wek38sghaq
MD5

13173913da1f35728d84e78a3de983c9
SHA1

9a1437af2d653fc265472a47edab9f22d49b1941
SHA256

0e6451e1f0eadb89390f4360e2a49a2ffb66e92e8b3ae75400095e75f4dd6abb
SHA512

3627ec46eb5b8cbdfd28015b38de6cd2279ff15be67e1a5d0c58a86fc1c165a39f4dd2d664977f7ce8a4ded9d2d678ce09c6fa3962e1b93f8543049313527a52

Score

10^/10

mirrorblast loader persistence suricata

Static task

static1

Behavioral task

behavioral1

Sample

load.msi

Resource

win7-en-20210920

persistence suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

load.msi

Resource

win10v20210408

mirrorblast loader persistence suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  load.msi
- Size
  
  548KB
- MD5
  
  13173913da1f35728d84e78a3de983c9
- SHA1
  
  9a1437af2d653fc265472a47edab9f22d49b1941
- SHA256
  
  0e6451e1f0eadb89390f4360e2a49a2ffb66e92e8b3ae75400095e75f4dd6abb
- SHA512
  
  3627ec46eb5b8cbdfd28015b38de6cd2279ff15be67e1a5d0c58a86fc1c165a39f4dd2d664977f7ce8a4ded9d2d678ce09c6fa3962e1b93f8543049313527a52
Score

10^/10

persistence suricata mirrorblast loader
- MirrorBlast
  MirrorBlast is a script acting as loader for FlawedGrace RAT.
  loader mirrorblast
- suricata: ET MALWARE MirrorBlast CnC Activity M2
  suricata: ET MALWARE MirrorBlast CnC Activity M2
  suricata
- suricata: ET MALWARE MirrorBlast CnC Activity M3
  suricata: ET MALWARE MirrorBlast CnC Activity M3
  suricata
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistencesuricata

behavioral2

mirrorblastloaderpersistencesuricata

© 2018-2024

Terms | Privacy