guerrilla | 86e78c5424bca2e9f9b84c50e251118573dc22bcee6ff908362b6b0e37205bdc | Triage

Submit
Reports

Overview

overview

Static

static

1

LDPlayer9_...ld.exe

windows7-x64

1

LDPlayer9_...ld.exe

windows10-2004-x64

8

LDPlayer9_...ld.exe

windows11-21h2-x64

Sharing

General

Target

LDPlayer9_ru_1007_ld.exe
Size

6.2MB
Sample

240702-yjg89azepm
MD5

e0e91d2d5ecc36bde3a3ba87342c4442
SHA1

47dbd2d9ad2ac3c830339bada9f5daa1c7c993a2
SHA256

86e78c5424bca2e9f9b84c50e251118573dc22bcee6ff908362b6b0e37205bdc
SHA512

b1e2e7fb492158f5fa2ece54bd5a805a5dd97b1eca8d0da3d1ec2bfe8c55220acacf4627384e62745d440b263e1b416177094e33729b1bba97d414ebb575eb86
SSDEEP

98304:TaMOOH01Z71vVOO+svd2YJVr5cOlprwwEGK579UbrGi:TaMOA01uCtf5copnEGKF97

Score

10^/10

guerrilla discovery execution exploit infostealer persistence privilege_escalation rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

LDPlayer9_ru_1007_ld.exe

Resource

win7-20240419-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

LDPlayer9_ru_1007_ld.exe

Resource

win10v2004-20240508-en

discovery execution exploit persistence privilege_escalation

windows10-2004-x64

25 signatures

150 seconds

Behavioral task

behavioral3

Sample

LDPlayer9_ru_1007_ld.exe

Resource

win11-20240508-en

guerrilla discovery execution exploit infostealer persistence privilege_escalation rat trojan

windows11-21h2-x64

29 signatures

150 seconds

Malware Config

Targets

- Target
  
  LDPlayer9_ru_1007_ld.exe
- Size
  
  6.2MB
- MD5
  
  e0e91d2d5ecc36bde3a3ba87342c4442
- SHA1
  
  47dbd2d9ad2ac3c830339bada9f5daa1c7c993a2
- SHA256
  
  86e78c5424bca2e9f9b84c50e251118573dc22bcee6ff908362b6b0e37205bdc
- SHA512
  
  b1e2e7fb492158f5fa2ece54bd5a805a5dd97b1eca8d0da3d1ec2bfe8c55220acacf4627384e62745d440b263e1b416177094e33729b1bba97d414ebb575eb86
- SSDEEP
  
  98304:TaMOOH01Z71vVOO+svd2YJVr5cOlprwwEGK579UbrGi:TaMOA01uCtf5copnEGKF97
Score

10^/10

discovery execution exploit persistence privilege_escalation guerrilla infostealer rat trojan
- Guerrilla
  Guerrilla is an Android malware used by the Lemon Group threat actor.
  trojan infostealer rat guerrilla
- Guerrilla payload
- Creates new service(s)
  persistence execution
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
- Possible privilege escalation attempt
  exploit
- Modifies file permissions
  discovery
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryexecutionexploitpersistenceprivilege_escalation

behavioral3

guerrilladiscoveryexecutionexploitinfostealerpersistenceprivilege_escalationrattrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.