General
- Target: LDPlayer9_es_com.projz.z.android_3210_ld.exe
- Size: 3.6MB
- Sample: 240401-b1es5ahh6v
- MD5: d534ec979305cb79edd861760de997d8
- SHA1: 0152e7516a813b06c67a10b713260377d0f97131
- SHA256: 2bccda899132b8287824b9c2bde2c6562ac12d36365fcd5720d64d20e3b9c009
- SHA512: 7e6e494fe2c086cc3668f2fbf8184b8ff9d271565e2af258eef0c81ce22bd6b3c3e008cce77542dafc80040f60f659ff3263bb66e14e62ddc26f251db36805be
- SSDEEP: 49152:mOKT1DxX1gvw9qcQr1ULjFvnxe2T9g4tGOPtSlX:mOY1N1g49Kr1ULxvxew9g1/

Static task: static1

Behavioral task: behavioral1
- Sample: LDPlayer9_es_com.projz.z.android_3210_ld.exe
- Resource: win7-20240221-en

Behavioral task: behavioral2
- Sample: LDPlayer9_es_com.projz.z.android_3210_ld.exe
- Resource: win10v2004-20240226-en
Malware Config
Targets
- Cobalt Strike reflective loader: Detects the reflective loader used by Cobalt Strike.
- Detect ZGRat V1
- Creates new service(s)
- Manipulates Digital Signatures: Attackers can apply techniques such as changing the Authenticode and cryptography registry keys so that their binary is treated as validly signed.
- Possible privilege escalation attempt
- Stops running service(s)
- Modifies file permissions
- Checks for any installed AV software in registry
- Downloads MZ/PE file
- Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Checks computer location settings: Looks up the country code configured in the registry; likely a geofence check.
MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
- Create or Modify System Process (2): Windows Service (2)
- Pre-OS Boot (1): Bootkit (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)

Privilege Escalation
- Create or Modify System Process (2): Windows Service (2)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)

Defense Evasion
- Subvert Trust Controls (2): SIP and Trust Provider Hijacking (1), Install Root Certificate (1)
- Impair Defenses (1)
- File and Directory Permissions Modification (1)
- Pre-OS Boot (1): Bootkit (1)
- Modify Registry (1)