Resubmissions

21-06-2024 00:39  240621-az5sgstdqe  8
21-06-2024 00:29  240621-as9g4axfrq  8
21-06-2024 00:01  240621-aa5fesxcqq  7
20-06-2024 23:41  240620-3pw2tasfje  7
20-06-2024 23:39  240620-3nsyrsserb  7

General

  • Target: cl_pg_installer (1).exe
  • Size: 11.8MB
  • Sample: 240621-aa5fesxcqq
  • MD5: bae58fe42215baaef1061348ca9251f5
  • SHA1: 63207714e323f57183ec633e9f4502eb6834249d
  • SHA256: 072810611923fa8f1c046c96d626393223a5e4c2a6741f700352d75282b44d22
  • SHA512: 999193718ac3993a5df6463d70a06af4bd9dfcc1cc7c0279c988f1a06a8895b9581ccad8720a18e7be2d463f53f82e6f7b8ab174431000947b528ca14af9f667
  • SSDEEP: 196608:8KNJm3AqWBJHcsgH++L2Vmd6+DgTNfwZHYYilkSEF/U71e8PmWvMV7A:F/m3pWBJHUe+L2Vmd6mgBkq1MN8P1M2

Malware Config

Targets

    • Target: new_installer.pyc
    • Size: 2KB
    • MD5: ba34d7d1f693ba168d29ef2e19ebae9d
    • SHA1: 9733631b6ee0ea266e558504eea0187934388173
    • SHA256: a7db04892f81c46ec24a3a1b7339f7ee32b596cf64b0f8cda6715c02481fdb45
    • SHA512: 8a776a468c5b7920911f583d030e2d0d2cc0ecd80c46018591650731a623032997f7f94ac2a4094252594c5d2efaf87f58bbcde08fa2f0b8756640b2f62a3883

    • Event Triggered Execution: Component Object Model Hijacking
      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software installed on the system.

    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks