b3c27c4c4db1ee499afb4de38367c45d4c1a00c3878fc3ba3061a44f5fbc27da | Triage

Resubmissions

21-07-2024 15:04

240721-sfz21atgld 8

17-06-2024 07:34

240617-jd8fxsvaqn 7

Sharing

General

Target

RewAdIs Launcheri v0.5.7z
Size

1.9MB
Sample

240721-sfz21atgld
MD5

c9075fe0bf2a613729809e0f709ac9d4
SHA1

02483c3b660090260640c544ed2e4e84c2bcbeba
SHA256

b3c27c4c4db1ee499afb4de38367c45d4c1a00c3878fc3ba3061a44f5fbc27da
SHA512

b34484a8c241c71ac24ec1e6d41cbf87448797a7b8d8ea73d9d87438f51cf0edc313c726ea13a90812322d95bb2a12c45c7e7baee8bf2019b1e145a5c3417dbd
SSDEEP

49152:RNggqbXi6oGltowwuc3aYmQImqkLnEqety14/1rozJm:RWFoGYTqIEqC710zJm

Score

8^/10

discovery persistence privilege_escalation

Malware Config

Targets

- Target
  
  RewAdIs Launcheri v0.5.7z
- Size
  
  1.9MB
- MD5
  
  c9075fe0bf2a613729809e0f709ac9d4
- SHA1
  
  02483c3b660090260640c544ed2e4e84c2bcbeba
- SHA256
  
  b3c27c4c4db1ee499afb4de38367c45d4c1a00c3878fc3ba3061a44f5fbc27da
- SHA512
  
  b34484a8c241c71ac24ec1e6d41cbf87448797a7b8d8ea73d9d87438f51cf0edc313c726ea13a90812322d95bb2a12c45c7e7baee8bf2019b1e145a5c3417dbd
- SSDEEP
  
  49152:RNggqbXi6oGltowwuc3aYmQImqkLnEqety14/1rozJm:RWFoGYTqIEqC710zJm
Score

3^/10
behavioral1 behavioral2
- Target
  
  7z2401-x64.exe
- Size
  
  1.5MB
- MD5
  
  de644b4e1086f1315c422f359133543b
- SHA1
  
  54be86d121879b0e5d86604297c57a926d665fa8
- SHA256
  
  17a507cce4066c4be7db53d64d9a9e11dfecfd4f2411393690506e591b5895cd
- SHA512
  
  714d41254352d91834a4b648d613e9b4452b93b097b5781ec5bf3ec7c310a489d3a1c409b2f0a6946822b96f6943b579910d26a5f4324b320d485e856dbdcb1a
- SSDEEP
  
  49152:8yEuRNRgYQYk6tC0tkaNuiXatTQY7quUncuTVyvn65:8yEoL7tCzlqLcuBz5
Score

7^/10

discovery persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral3 behavioral4
- Target
  
  RewAdIs_Launcher_v05.exe
- Size
  
  1.2MB
- MD5
  
  053487a5f68d7bb1a8fb36d07edef428
- SHA1
  
  799a6e4be54ad869319011380df12b6368024f08
- SHA256
  
  6c957cd9581d6c18df39a3b458ff6ac4d8b388cb7b66fb97ba4d314334493029
- SHA512
  
  f07722d73238226d04dad7f54b99c2f28f045d08b39d0e6133bd84a8d7316b6a84c07a2dfd2f1953c91744a036ed96f7944d8d0b638a9e7a264761096e31f18a
- SSDEEP
  
  24576:1RaZROMOm8FN7TjsPnzt2heeRhQbJEOeamDZNuFf:fkxOm+7TjsPnztyDMmawu
Score

8^/10
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

discoverypersistenceprivilege_escalation

behavioral4

discoverypersistenceprivilege_escalation

behavioral5

behavioral6