General

  • Target

    2. flashplayer21_0r0_213_winax.msi

  • Size

    19.7MB

  • Sample

    240802-ys6cfatalg

  • MD5

    4aa5146f8145e3f47a23a6c6229b43fc

  • SHA1

    6d23ae1f12682b6baa1833c12955ca9adf7d13f2

  • SHA256

    53dc0dc1b5f9975db2730ac5a8910560e682dff4f97bf5f956089718fc8e4e88

  • SHA512

    370eeca496b82d61b5162b1d1a09ae541993478ea45e03c7400f8d865fbbfcb38b4e8ebb5823582a71e376ab68ae18b6c0a3c27056315dc043a5fb66376205aa

  • SSDEEP

    393216:hGL9RX/DGFvJ6+fW/6r/AvjxhwRQceySvBSD5xVgC9xzOJAI48FY/bU:hY7/mAMW/6gTOQcCpExnOJAR8FY/b

Malware Config

Targets

    • CryptOne packer

      Detects the CryptOne packer as defined in the NCC blog post.

    • Blocklisted process makes network request

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Event Triggered Execution: Image File Execution Options Injection

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Network Service Discovery

      Attempts to gather information on the host's network.

    • Drops file in System32 directory

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

MITRE ATT&CK Enterprise v15

Tasks