General
-
Target
LoaderV6(1).zip
-
Size
15.2MB
-
Sample
240719-tc67ksyekl
-
MD5
273e74c7c8e4fefcafca7ab2c634fef7
-
SHA1
9a01e91e93cef5c77de8c70b8ae80da15a540fff
-
SHA256
18b7e51b0f80744208e78cdbdc707e5b8467991af8bdea3c47f3ee25ad864277
-
SHA512
d3f788e51d165b72ebf9c46a3463dd594df308bc199a8f70db25945450ab0c5da3cb1aeffeb6cf9f46f323150bd4d5d660fefd054fed956a5b491dd21e228277
-
SSDEEP
393216:wjdAJ/kHfMO2/w1kBY8l5aFEYF/pAYfxXaI+vQkXLLcDlE610Cgr:wjKsHfMO2/wBFFF/pAYfR0vQk8DlN0Nr
Malware Config
Targets
-
-
Target
LoaderV6(1).zip
-
Size
15.2MB
-
MD5
273e74c7c8e4fefcafca7ab2c634fef7
-
SHA1
9a01e91e93cef5c77de8c70b8ae80da15a540fff
-
SHA256
18b7e51b0f80744208e78cdbdc707e5b8467991af8bdea3c47f3ee25ad864277
-
SHA512
d3f788e51d165b72ebf9c46a3463dd594df308bc199a8f70db25945450ab0c5da3cb1aeffeb6cf9f46f323150bd4d5d660fefd054fed956a5b491dd21e228277
-
SSDEEP
393216:wjdAJ/kHfMO2/w1kBY8l5aFEYF/pAYfxXaI+vQkXLLcDlE610Cgr:wjKsHfMO2/wBFFF/pAYfR0vQk8DlN0Nr
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Downloads MZ/PE file
-
Event Triggered Execution: Image File Execution Options Injection
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
MITRE ATT&CK Enterprise v15
Persistence
Event Triggered Execution
2Component Object Model Hijacking
1Image File Execution Options Injection
1Privilege Escalation
Event Triggered Execution
2Component Object Model Hijacking
1Image File Execution Options Injection
1Defense Evasion
Modify Registry
2Subvert Trust Controls
1Install Root Certificate
1