Overview

overview

8

Static

static

1

RGB_Fusion....1.zip

windows11-21h2-x64

1

B24.0318.1....1.exe

windows11-21h2-x64

8

B24.0318.1/ver2.ini

windows11-21h2-x64

3

Resubmissions

09/08/2024, 20:46

240809-zkbcrsybpl 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RGB_Fusion_B24.0318.1.zip

  • Size

    93.1MB

  • Sample

    240809-zkbcrsybpl

  • MD5

    732b5c763ee58389ea0ee531cba12116

  • SHA1

    3c2bbdbd3374e81151a6fb21c64b62377f94577a

  • SHA256

    1b640163e84338ccc4abb88ac0c76548e405ba2c4ee1064f652b9a96af065945

  • SHA512

    790edff606e61755d284bc7f81dd43a0c9f31abc052b6d7ee53180b71344eb5a434a3429adc68cd6b9c311439600e6c4c2616823eef46e5b51a1a289e0945fa3

  • SSDEEP

    1572864:vIQBB7ziHIHeDhXJGo+XTsyxBKQh3/nk9ld78r997od6OFc:v1BoHIHa8TBxBKQhfkvx8Z986OFc

Score
8/10
discoverypersistenceprivilege_escalation

Malware Config

Targets

    • Target

      RGB_Fusion_B24.0318.1.zip

    • Size

      93.1MB

    • MD5

      732b5c763ee58389ea0ee531cba12116

    • SHA1

      3c2bbdbd3374e81151a6fb21c64b62377f94577a

    • SHA256

      1b640163e84338ccc4abb88ac0c76548e405ba2c4ee1064f652b9a96af065945

    • SHA512

      790edff606e61755d284bc7f81dd43a0c9f31abc052b6d7ee53180b71344eb5a434a3429adc68cd6b9c311439600e6c4c2616823eef46e5b51a1a289e0945fa3

    • SSDEEP

      1572864:vIQBB7ziHIHeDhXJGo+XTsyxBKQh3/nk9ld78r997od6OFc:v1BoHIHa8TBxBKQhfkvx8Z986OFc

    Score
    1/10
    behavioral1

    • Target

      B24.0318.1/UpdPack_B24.318.1.exe

    • Size

      93.1MB

    • MD5

      8dbb210bdc869d31753042128c7a791b

    • SHA1

      359eabfab857db901f3e769ad39b16cc9b769548

    • SHA256

      9207e638ad13824318ce5a2e53db3aa51b2a9bfda7c90203b4819818dd32bb8e

    • SHA512

      6703ba0f6ef9b4b57cef96b637b7d31d96a1cb786f0039af57f8a104a46330afb9008168b30f1721c2ab589e64a636caf04d7c33c68c6b897dca4061de30222c

    • SSDEEP

      1572864:IIQBB7ziHIHeDhXJGo+XTsyxBKQh3/nk9ld78r997od6OFD:I1BoHIHa8TBxBKQhfkvx8Z986OFD

    Score
    8/10
    discoverypersistenceprivilege_escalation

    • Drops file in Drivers directory

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    behavioral2

    • Target

      B24.0318.1/ver2.ini

    • Size

      5KB

    • MD5

      0263f110bba4711881413c778d8eca3f

    • SHA1

      1c48961d0d397ac9834e45819858f695a832561c

    • SHA256

      52c8f0f77ebf9df4726d7e531038eb6deecb25e1d003c32925c5f0064266b506

    • SHA512

      e16394661806d8df2d26af0d7cbbe0266f5bf7d28134ef4853678f85ea5cb3123c5738d7058e2bd22e8aa471f2ee7af19b913f419d9298727c4a5c0507d62967

    • SSDEEP

      96:rEMv5b9BVYIO615qf/7udcXUivGywSABNGBaSMztmfWtCMjm9ZcDuaHO0YxTk3D7:bvndt1gA43bxBSzgfc1uU9zEkjEMmHTk

    Score
    3/10
    behavioral3

MITRE ATT&CK Enterprise v15

Tasks