General
-
Target
ninite.com.exe
-
Size
415KB
-
Sample
240224-mt5azshe68
-
MD5
297f57d56451d91a9b2a55093fb6d037
-
SHA1
c31574e0459f95c6740bbb8d3f2f3c5c0c4f77fc
-
SHA256
498cd5a2c248406781a9bc91a66973ee617330185ad760c66eaa7a48daa9d02b
-
SHA512
e9f70cf11ca44cf9cc448e92a9855b3f467349e463bf3dd03a6bdddf3bf9cb02abcac98876de51afc13bf126b9554f8d288317aa54f6a39d34ce6bdb8b26195a
-
SSDEEP
6144:FhuGbXZA2zNMPMPwVtiN44zAi5NAOig3TBrCZMszqLi7ksvmacmWnZEe:vuypA2hESwGRwg3TBPi7BvmZmwZ9
Static task
static1
Malware Config
Targets
-
Adds Run key to start application
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Modifies Windows Firewall
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 2
Registry Run Keys / Startup Folder: 2
Browser Extensions: 1
Create or Modify System Process: 1
Windows Service: 1
Event Triggered Execution: 1
Change Default File Association: 1
Privilege Escalation
Boot or Logon Autostart Execution: 2
Registry Run Keys / Startup Folder: 2
Create or Modify System Process: 1
Windows Service: 1
Event Triggered Execution: 1
Change Default File Association: 1
Defense Evasion
Impair Defenses: 1
Disable or Modify System Firewall: 1
Modify Registry: 6
Subvert Trust Controls: 1
Install Root Certificate: 1