guerrilla | 815165ed2cfb5dee2b8c061f6436366b9d72e464dcc83db9c3c036475a875d5e | Triage

Submit
Reports

Overview

overview

Static

static

1

LDPlayer9_...ld.exe

windows7-x64

LDPlayer9_...ld.exe

windows10-2004-x64

3

Sharing

General

Target

LDPlayer9_es_1260_ld.exe
Size

12.3MB
Sample

240825-w2ak1szapn
MD5

53267fb7397aef58b1025636f8eed6b8
SHA1

bc2e7965b2a5d10de452dd590ffef7328b48e1bf
SHA256

815165ed2cfb5dee2b8c061f6436366b9d72e464dcc83db9c3c036475a875d5e
SHA512

bd966609dc941d64bb379913a8258f2c8b9712e76c8ea5a4c5f842aa86714c1a39d918b71f170491c08e40ffe6f6fe236a7cd025b93902b75080adb43056af9f
SSDEEP

393216:P9JRaxbxp41TXj2w5311sHznZc+TEI4gw:1ibxWT6w5AbZbTNC

Score

10^/10

guerrilla otpstealer discovery execution exploit infostealer persistence privilege_escalation rat spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

LDPlayer9_es_1260_ld.exe

Resource

win7-20240729-en

guerrilla otpstealer discovery execution exploit infostealer persistence privilege_escalation rat spyware trojan

windows7-x64

28 signatures

150 seconds

Behavioral task

behavioral2

Sample

LDPlayer9_es_1260_ld.exe

Resource

win10v2004-20240802-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Targets

- Target
  
  LDPlayer9_es_1260_ld.exe
- Size
  
  12.3MB
- MD5
  
  53267fb7397aef58b1025636f8eed6b8
- SHA1
  
  bc2e7965b2a5d10de452dd590ffef7328b48e1bf
- SHA256
  
  815165ed2cfb5dee2b8c061f6436366b9d72e464dcc83db9c3c036475a875d5e
- SHA512
  
  bd966609dc941d64bb379913a8258f2c8b9712e76c8ea5a4c5f842aa86714c1a39d918b71f170491c08e40ffe6f6fe236a7cd025b93902b75080adb43056af9f
- SSDEEP
  
  393216:P9JRaxbxp41TXj2w5311sHznZc+TEI4gw:1ibxWT6w5AbZbTNC
Score

10^/10

guerrilla otpstealer discovery execution exploit infostealer persistence privilege_escalation rat spyware trojan
- Guerrilla
  Guerrilla is an Android malware used by the Lemon Group threat actor.
  trojan infostealer rat guerrilla
- Guerrilla payload
- Otpstealer
  Otpstealer is an Android SMS Stealer that targets OTP first seen in February 2022.
  trojan infostealer spyware otpstealer
- Otpstealer payload
- Creates new service(s)
  persistence execution
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
- Possible privilege escalation attempt
  exploit
- Modifies file permissions
  discovery
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Subvert Trust Controls

Install Root Certificate

SIP and Trust Provider Hijacking

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guerrillaotpstealerdiscoveryexecutionexploitinfostealerpersistenceprivilege_escalationratspywaretrojan

behavioral2

© 2018-2025

Terms | Privacy