General

  • Target

    LDPlayer64_es_3264_ld.exe

  • Size

    3.7MB

  • Sample

    240224-vkww9aha62

  • MD5

    c998cbb80a3587b0ea6cd5a705ccead6

  • SHA1

    cd0ca81f2ef529e9e94aaf19e90de08849eaa620

  • SHA256

    599b1c375b842f7287a9c1a899b70d2e5f21ca472f324491e2cfc94dca264dae

  • SHA512

    87fe55948359ccd897857e3206e22cf08b5bc41d49c941f9a1de82b03f885946381c71b12fca0cb5855da8e135fefecac12b4a4a72954859db2bba1f4325ff9e

  • SSDEEP

    49152:n+0AcdkzjCEscajAbDiY5pIxH3ZKanEjOaDbCyoR9sXafgkDFMVR9C1UhPJXMK7I:n+fTzmE285puXManEjfVzBiCV2HF

Targets

    • Target

      LDPlayer64_es_3264_ld.exe

    • Size

      3.7MB

    • MD5

      c998cbb80a3587b0ea6cd5a705ccead6

    • SHA1

      cd0ca81f2ef529e9e94aaf19e90de08849eaa620

    • SHA256

      599b1c375b842f7287a9c1a899b70d2e5f21ca472f324491e2cfc94dca264dae

    • SHA512

      87fe55948359ccd897857e3206e22cf08b5bc41d49c941f9a1de82b03f885946381c71b12fca0cb5855da8e135fefecac12b4a4a72954859db2bba1f4325ff9e

    • SSDEEP

      49152:n+0AcdkzjCEscajAbDiY5pIxH3ZKanEjOaDbCyoR9sXafgkDFMVR9C1UhPJXMK7I:n+fTzmE285puXManEjfVzBiCV2HF

    • Creates new service(s)

    • Manipulates Digital Signatures

      Attackers can alter the Authenticode and Cryptography registry keys so that their binary is treated as validly signed.

    • Possible privilege escalation attempt

    • Modifies file permissions

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.
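
The following is an added example, not part of the sandbox report, showing the two checks an analyst would run from this page: confirming that a file on hand is the reported sample by recomputing every listed digest, and flagging registry activity of the kinds the "Manipulates Digital Signatures" and "Checks computer location settings" signatures describe. The registry paths it looks for (the Authenticode SIP and trust-provider entries under HKLM\SOFTWARE\Microsoft\Cryptography, and HKCU\Control Panel\International\Geo\Nation) are assumptions drawn from public documentation, not from the report, and the event records fed to it are constructed.

```python
"""Added example (not part of the sandbox report): verify a file against the
report's hashes and flag registry activity matching two of its signatures."""
import hashlib
import re

# Hashes exactly as listed in the report above.
REPORT_HASHES = {
    "md5": "c998cbb80a3587b0ea6cd5a705ccead6",
    "sha1": "cd0ca81f2ef529e9e94aaf19e90de08849eaa620",
    "sha256": "599b1c375b842f7287a9c1a899b70d2e5f21ca472f324491e2cfc94dca264dae",
    "sha512": "87fe55948359ccd897857e3206e22cf08b5bc41d49c941f9a1de82b03f885946381c71b12fca0cb5855da8e135fefecac12b4a4a72954859db2bba1f4325ff9e",
}


def file_hashes(path):
    """Read the file once, streaming, and return every digest in REPORT_HASHES."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_report(path):
    """True only when every listed digest matches; one mismatch means a different file."""
    computed = file_hashes(path)
    return all(computed[name] == digest for name, digest in REPORT_HASHES.items())


# Registry locations are assumptions from public documentation (SIP/trust-provider
# hijacking under HKLM\SOFTWARE\Microsoft\Cryptography, and the locale country code
# at HKCU\Control Panel\International\Geo\Nation); the report names no paths.
REGISTRY_RULES = [
    ("Manipulates Digital Signatures",
     re.compile(r"\\Microsoft\\Cryptography\\(OID\\EncodingType \d+\\CryptSIPDll|Providers\\Trust\\)", re.I)),
    ("Checks computer location settings",
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
]


def triage_registry_events(lines):
    """Map 'event|process|key' records to the signature names above.

    Returns a list of (signature, event, process, key) for every matching record.
    """
    hits = []
    for line in lines:
        event, process, key = line.rstrip("\n").split("|", 2)
        for name, pattern in REGISTRY_RULES:
            if pattern.search(key):
                hits.append((name, event, process, key))
    return hits


# Constructed records in a Sysmon-like 'event|image|target key' shape; not real telemetry.
SAMPLE_EVENTS = [
    r"RegQueryValue|C:\Users\user\Desktop\LDPlayer64_es_3264_ld.exe|HKCU\Control Panel\International\Geo\Nation",
    r"RegSetValue|C:\Users\user\Desktop\LDPlayer64_es_3264_ld.exe|HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\Dll",
    r"RegSetValue|C:\Windows\System32\svchost.exe|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater",
]

if __name__ == "__main__":
    for hit in triage_registry_events(SAMPLE_EVENTS):
        print(*hit, sep="  ")
```

Run `matches_report("LDPlayer64_es_3264_ld.exe")` against a downloaded copy before doing anything else with it; a sample that matches MD5 but not SHA256 is not the file this report describes. The registry rules are deliberately narrow: a write under the SIP or trust-provider keys is rare on a workstation and worth an alert on its own, whereas the Geo\Nation read is routine for installers and only meaningful alongside the other signatures listed above.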

MITRE ATT&CK Enterprise v15