Overview

overview

10

Static

static

10

LibreOffic...64.msi

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    LibreOffice_7.3.2_Win_x64.msi

  • Size

    332.0MB

  • Sample

    220414-pm7hwabff8

  • MD5

    2348baae0b4b306fbb5024d169278319

  • SHA1

    852371f458dd60dacd1c440aff8c37e1c1fa6f57

  • SHA256

    f883840d2f5ec5e11aa58e8ffdab076e470c475f4092c49d63cf57eb8271fcea

  • SHA512

    ff6e601d56938bc3304eea045dec9304820fe20ff200c093149bfc62ab6e8934018eb7ac17748dfbbe2a5b3a8255aae10a8459f382eeea0fcdeb79848adaceb4

Score
10/10
bazarbackdoorpersistence

Malware Config

Targets

    • Target

      LibreOffice_7.3.2_Win_x64.msi

    • Size

      332.0MB

    • MD5

      2348baae0b4b306fbb5024d169278319

    • SHA1

      852371f458dd60dacd1c440aff8c37e1c1fa6f57

    • SHA256

      f883840d2f5ec5e11aa58e8ffdab076e470c475f4092c49d63cf57eb8271fcea

    • SHA512

      ff6e601d56938bc3304eea045dec9304820fe20ff200c093149bfc62ab6e8934018eb7ac17748dfbbe2a5b3a8255aae10a8459f382eeea0fcdeb79848adaceb4

    Score
    10/10
    persistence

    • Registers COM server for autorun

      persistence

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks