2f440f39322c83324680f0f00cd3c22e82a8591d5203dc5ac31600c0e80010da | Triage

Submit
Reports

Overview

overview

8

Static

static

3

Libredirec...up.exe

windows10-1703-x64

8

Sharing

General

Target

Libredirect.Frontends.Manager_0.1.0_x64-setup.exe
Size

4.0MB
Sample

240629-mt33xsyfmp
MD5

90f5d0c396c33abc470e4481c9699af7
SHA1

eb6129e1eacbfa50f7f3356597a66f3f885bf490
SHA256

2f440f39322c83324680f0f00cd3c22e82a8591d5203dc5ac31600c0e80010da
SHA512

6fd59a753c69ba352a7750caddad2d54e5721821c1bf6852120bd483cb02d1e4e8bd5af6b06758de88ff34f4b95febafbe5fa714f46513e4c756f8d58dc70666
SSDEEP

98304:hZrWpY5hGMQsIpxhmBZUcepLTHljWfGqWAKCePbu1zrxcYG/V9:hRZGMHMK7zknHlyTWZ9TazrWV/V9

Score

8^/10

discovery persistence privilege_escalation

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Libredirect.Frontends.Manager_0.1.0_x64-setup.exe

Resource

win10-20240404-en

discovery persistence privilege_escalation

windows10-1703-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  Libredirect.Frontends.Manager_0.1.0_x64-setup.exe
- Size
  
  4.0MB
- MD5
  
  90f5d0c396c33abc470e4481c9699af7
- SHA1
  
  eb6129e1eacbfa50f7f3356597a66f3f885bf490
- SHA256
  
  2f440f39322c83324680f0f00cd3c22e82a8591d5203dc5ac31600c0e80010da
- SHA512
  
  6fd59a753c69ba352a7750caddad2d54e5721821c1bf6852120bd483cb02d1e4e8bd5af6b06758de88ff34f4b95febafbe5fa714f46513e4c756f8d58dc70666
- SSDEEP
  
  98304:hZrWpY5hGMQsIpxhmBZUcepLTHljWfGqWAKCePbu1zrxcYG/V9:hRZGMHMK7zknHlyTWZ9TazrWV/V9
Score

8^/10

discovery persistence privilege_escalation
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Image File Execution Options Injection

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Image File Execution Options Injection

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

© 2018-2024

Terms | Privacy