General

  • Target

    AIMr.rar

  • Size

    53.9MB

  • Sample

    240626-h5yv5ascmc

  • MD5

    a4d7cd5278a6aff271cd09c472f2d822

  • SHA1

    3a59c9f86af0aa43810d2d5d9ea51a24154cccf3

  • SHA256

    9d367145b2c5e0ac06ba9978a955193b057bf7b637ffcf69dd4cfec42670c7b3

  • SHA512

    b22adc2c5ebcb996d0086b39e016e5c2a602b945c494043718163bb67f2c9d3a893bfbfca980442d802bf6864be5f949bd5b29bed0a47d3db767a9272e9672dd

  • SSDEEP

    1572864:p9rhKUS1mqnXvAuI8AQnKwkHP82Ne0tsAWt46GLw:pOUKmqnfAx8ABwWP7e0yNt46Gk

Targets

    • Target

      AIMr.rar

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2
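Two of the signatures above, "Adds Run key to start application" and "Event Triggered Execution: Component Object Model Hijacking", are registry writes, which makes them straightforward to catch in Sysmon telemetry outside the sandbox. The script below is an added example, not part of this report and not the sandbox's own rule logic. It runs two rules over constructed Sysmon EventID 13 (RegistryEvent, value set) records using the real Sysmon field names `Image`, `TargetObject` and `Details`; the process paths, SID and CLSID GUIDs in the sample data are placeholders, not values observed for AIMr.rar. The COM rule keys on a per-user `HKU\<SID>\Software\Classes\CLSID\{...}\InprocServer32` (or `LocalServer32`) write because the user hive is consulted ahead of HKLM when a CLSID is resolved, so that write redirects any process that later instantiates the object. Severity is raised when the referenced binary sits in a user-writable directory, the usual sign of dropped rather than installed code.

```python
"""Detection logic for Run-key autostart and per-user COM server hijacking,
run over constructed Sysmon EventID 13 (RegistryEvent: value set) records."""
import re

# Autostart locations written under a user's hive (HKU\<SID>\...).
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.I)

# A per-user CLSID server entry. HKCU\Software\Classes is merged ahead of
# HKLM\SOFTWARE\Classes during CLSID resolution, so a user-level
# InprocServer32/LocalServer32 value redirects every loader of that object.
COM_SERVER_RE = re.compile(
    r"^HKU\\[^\\]+\\Software\\Classes\\CLSID\\\{[0-9A-F-]{36}\}\\"
    r"(InprocServer32|LocalServer32)\\", re.I)

# Paths a standard user can write to; an autostart or COM server binary living
# here is the usual sign of dropped, not installed, code.
USER_WRITABLE_RE = re.compile(
    r"^[A-Z]:\\Users\\[^\\]+\\(AppData|Downloads|Desktop)\\", re.I)

# Constructed sample events (assumption for illustration). They are NOT taken
# from the AIMr.rar analysis; process names, SID and GUIDs are placeholders.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\AIMr\updater.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\AIMr",
     "Details": r"C:\Users\victim\AppData\Local\Temp\AIMr\updater.exe"},
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\AIMr\updater.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Classes\CLSID\{BCDE0395-E52F-467C-8E3D-C4579291692E}\InprocServer32\(Default)",
     "Details": r"C:\Users\victim\AppData\Roaming\hook.dll"},
    # Machine-wide registration by an installer: not a hijack, not flagged.
    {"EventID": 13, "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32\(Default)",
     "Details": r"C:\Program Files\Vendor\vendor.dll"},
    # Run key pointing into Program Files: still a Run key, but lower severity.
    {"EventID": 13, "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "Details": r"C:\Program Files\Vendor\tray.exe"},
    # Key creation (EventID 12) carries no value payload; rules ignore it.
    {"EventID": 12, "Image": r"C:\Users\victim\AppData\Local\Temp\AIMr\updater.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\AIMr", "Details": ""},
]


def classify_event(event):
    """Return a list of (rule, severity) hits for one Sysmon registry event."""
    if event.get("EventID") != 13:  # only value-set events carry the written path
        return []
    key, value = event["TargetObject"], event["Details"]
    severity = "high" if USER_WRITABLE_RE.match(value) else "medium"
    hits = []
    if RUN_KEY_RE.search(key):
        hits.append(("run_key_persistence", severity))
    if COM_SERVER_RE.match(key):
        hits.append(("com_hijack", severity))
    return hits


def run_detection(events):
    """Run every rule over a list of events and return the flattened findings."""
    findings = []
    for event in events:
        for rule, severity in classify_event(event):
            findings.append({"rule": rule, "severity": severity,
                             "image": event["Image"],
                             "key": event["TargetObject"],
                             "value": event["Details"]})
    return findings


if __name__ == "__main__":
    for f in run_detection(SAMPLE_EVENTS):
        print(f"[{f['severity']:6}] {f['rule']:20} {f['image']} -> {f['key']} = {f['value']}")
```

Over the constructed input this yields three findings: the Run key and the per-user InprocServer32 write from the dropped updater (both high, since the referenced binaries are under the user profile) and the vendor installer's Run key (medium). The remaining signatures in the list are not reachable this way: "Checks installed software on the system" is a read of the Uninstall key, and Sysmon logs registry writes, not reads, so that behaviour only shows up in an API trace or in the sandbox itself.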

MITRE ATT&CK Enterprise v15