General
-
Target
LDPlayer9_ens_10080_ld.exe
-
Size
3.4MB
-
Sample
240818-p546gathkh
-
MD5
9f9bbd12ae5894046810e6736ec4d892
-
SHA1
9e81b764a40ec39f6667c54b8d40da0b97cb5a7f
-
SHA256
8d48d0a05d581922a4d30ba98cbf51ea981a37c95fad689e0b84b979e312f6a4
-
SHA512
57d5b59de422394856e15b2d65c1f2a9e85a1b012c954ecad98682a84c7f90ff00be91819c8ae9cd123270e2cf446d69bfb248bde471a29846d57bf401417eaa
-
SSDEEP
49152:p2XX9nMhH9mpVLZ0CSf1pHtOUYqP3CFOrtG/JR9sXafgkDFMVR9C1UhPJXMK701K:p2XX96HMpVLZo1t0xOoGBiCV2Hmd
Static task
static1
Behavioral task
behavioral1
Sample
LDPlayer9_ens_10080_ld.exe
Resource
win11-20240802-en
Malware Config
Targets
-
-
Target
LDPlayer9_ens_10080_ld.exe
-
Size
3.4MB
-
MD5
9f9bbd12ae5894046810e6736ec4d892
-
SHA1
9e81b764a40ec39f6667c54b8d40da0b97cb5a7f
-
SHA256
8d48d0a05d581922a4d30ba98cbf51ea981a37c95fad689e0b84b979e312f6a4
-
SHA512
57d5b59de422394856e15b2d65c1f2a9e85a1b012c954ecad98682a84c7f90ff00be91819c8ae9cd123270e2cf446d69bfb248bde471a29846d57bf401417eaa
-
SSDEEP
49152:p2XX9nMhH9mpVLZ0CSf1pHtOUYqP3CFOrtG/JR9sXafgkDFMVR9C1UhPJXMK701K:p2XX96HMpVLZo1t0xOoGBiCV2Hmd
-
Creates new service(s)
-
Drops file in Drivers directory
-
Manipulates Digital Signatures
Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
-
Possible privilege escalation attempt
-
Modifies file permissions
-
Adds Run key to start application
-
Downloads MZ/PE file
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Component Object Model Hijacking
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Component Object Model Hijacking
1Defense Evasion
File and Directory Permissions Modification
1Modify Registry
3Subvert Trust Controls
2Install Root Certificate
1SIP and Trust Provider Hijacking
1