General
- Target: LDPlayer9_ens_10040_ld.exe
- Size: 3.6MB
- Sample: 240710-zy1jtazeqp
- MD5: c85f57201dc0741041a0fe3bdf5bc52e
- SHA1: f7fed7c3ba9a1bfb4e64e6bf17820ff53e49f6bc
- SHA256: fbd3d3274fcd09cfa8ab1649c44c68bae8f717705f21da6004a11dbe08bf7147
- SHA512: 20c0eb8ae8b1b46f1cf1f8f8a35b47fc3d63f6200e4f2ff89f857d2220cdfee9a497ff0125a2de41d3915d8c16963f05746b2ef1b88e02395e0768e2d53f8891
- SSDEEP: 98304:ZykuIhvqfFAioK81r+kgdHNCoBiCV2Hb:c2CfFAiLnHYZ7
Static task
- static1
Behavioral task
- behavioral1
  - Sample: LDPlayer9_ens_10040_ld.exe
  - Resource: win7-20240704-en
Behavioral task
- behavioral2
  - Sample: LDPlayer9_ens_10040_ld.exe
  - Resource: win10v2004-20240709-en
Malware Config
Targets
- Target: LDPlayer9_ens_10040_ld.exe
- Creates new service(s)
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the Authenticode and cryptography registry keys so that their binary is treated as validly signed.
- Possible privilege escalation attempt
- Modifies file permissions
- Checks for any installed AV software in registry
- Downloads MZ/PE file
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
MITRE ATT&CK Enterprise v15
Persistence
- Create or Modify System Process (1): Windows Service (1)
- Event Triggered Execution (1): Component Object Model Hijacking (1)
- Pre-OS Boot (1): Bootkit (1)
Privilege Escalation
- Create or Modify System Process (1): Windows Service (1)
- Event Triggered Execution (1): Component Object Model Hijacking (1)
Defense Evasion
- File and Directory Permissions Modification (1)
- Modify Registry (2)
- Pre-OS Boot (1): Bootkit (1)
- Subvert Trust Controls (2): Install Root Certificate (1), SIP and Trust Provider Hijacking (1)