Resubmissions

21-06-2024 00:39

240621-az5sgstdqe 8

21-06-2024 00:29

240621-as9g4axfrq 8

21-06-2024 00:01

240621-aa5fesxcqq 7

20-06-2024 23:41

240620-3pw2tasfje 7

20-06-2024 23:39

240620-3nsyrsserb 7

General

  • Target

    cl_pg_installer (1).exe

  • Size

    11.8MB

  • Sample

    240620-3pw2tasfje

  • MD5

    bae58fe42215baaef1061348ca9251f5

  • SHA1

    63207714e323f57183ec633e9f4502eb6834249d

  • SHA256

    072810611923fa8f1c046c96d626393223a5e4c2a6741f700352d75282b44d22

  • SHA512

    999193718ac3993a5df6463d70a06af4bd9dfcc1cc7c0279c988f1a06a8895b9581ccad8720a18e7be2d463f53f82e6f7b8ab174431000947b528ca14af9f667

  • SSDEEP

    196608:8KNJm3AqWBJHcsgH++L2Vmd6+DgTNfwZHYYilkSEF/U71e8PmWvMV7A:F/m3pWBJHUe+L2Vmd6mgBkq1MN8P1M2

Malware Config

Targets

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks