General
Target: Delta V3.61 b_64320174.exe
Size: 9.5MB
Sample: 240906-vw11caydjj
MD5: 2ba8c3c68e800a1d528f5b02fbc5e239
SHA1: 44ce2f4f9028724899b2dd1ff36864f9c82d1840
SHA256: bbadb6ccbd7d9d7dee928cf1c31b377b8b5732390bb22b76ed8b2015ac69aa3f
SHA512: 0e947fef1616c2a189e56c341bd29f2dbe91b9f45272f5f83cd0c0fe299dc36da758434d58a97d04b31d44662faee1e4838df6446da49e4a39986430e4713958
SSDEEP: 196608:FbxQvUVkRyQ+9rqN7mQ3bKfIiaNPFHNRsiKd0:FdQcVp7rqN7L3bIIiEHMnK
Static task: static1
Behavioral task: behavioral1
  Sample: Delta V3.61 b_64320174.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: Delta V3.61 b_64320174.exe
  Resource: win10v2004-20240802-en
Malware Config: none listed
Targets
Target: Delta V3.61 b_64320174.exe (9.5MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Signatures observed for this target:
- Creates new service(s)
- Drops file in Drivers directory
- Checks for any installed AV software in registry
- Downloads MZ/PE file
- Drops desktop.ini file(s)
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
- Remote Services: SMB/Windows Admin Shares (T1021.002): adversaries may use Valid Accounts to interact with a remote network share using Server Message Block (SMB).
- Drops file in System32 directory
- Enumerates processes with tasklist
- Event Triggered Execution: Component Object Model Hijacking (T1546.015): adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
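A host-side hunt for the persistence and trust-subversion indicators listed above (new Windows service, Netsh helper DLL, COM hijack in the user hive, root certificate install, file drops in the drivers directory), as an added PowerShell example; it is not code from the sandbox, from this report, or from the sample. The lookback window and the "rooted path outside System32" heuristics are assumptions chosen for illustration, and each check can have benign hits (Windows Update writes drivers and registers services), so the output is a triage list to review, not a verdict.

```powershell
# Added triage script (not from the report): collects the persistence and
# trust-subversion artifacts the sandbox signatures describe.
# Assumptions: $Since is an illustrative lookback window; "rooted path outside
# System32" is a heuristic, not a signature. Run elevated for full visibility.
param(
    [datetime]$Since = (Get-Date).AddDays(-7)
)

function Get-RecentServices {
    # T1543.003: the Service Control Manager logs Event ID 7045 in the System
    # log when a new service (user-mode or kernel driver) is installed.
    Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7045; StartTime = $Since } -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Check = 'NewService'
                Time  = $_.TimeCreated
                Name  = $_.Properties[0].Value   # ServiceName
                Path  = $_.Properties[1].Value   # ImagePath
                Type  = $_.Properties[2].Value   # e.g. 'kernel mode driver'
            }
        }
}

function Get-NetshHelpers {
    # T1546.007: every value under this key names a DLL that netsh.exe loads at
    # start. In-box helpers are bare names resolved from System32; a fully
    # rooted path elsewhere is the classic hijack pattern.
    $props = Get-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\NetSh' -ErrorAction SilentlyContinue
    if (-not $props) { return }
    $props.PSObject.Properties | Where-Object { $_.Name -notmatch '^PS' } | ForEach-Object {
        $dll = [string]$_.Value
        [pscustomobject]@{
            Check      = 'NetshHelper'
            Name       = $_.Name
            Dll        = $dll
            Suspicious = [System.IO.Path]::IsPathRooted($dll) -and ($dll -notlike "$env:SystemRoot\System32\*")
        }
    }
}

function Get-ComHijacks {
    # T1546.015: HKCU\Software\Classes\CLSID is consulted before HKLM, so a
    # user-hive InprocServer32 for a CLSID that also exists machine-wide
    # silently redirects COM activation to the user's DLL.
    Get-ChildItem -Path 'HKCU:\Software\Classes\CLSID' -ErrorAction SilentlyContinue | ForEach-Object {
        $clsid  = $_.PSChildName
        $inproc = Get-ItemProperty -LiteralPath (Join-Path $_.PSPath 'InprocServer32') -ErrorAction SilentlyContinue
        if ($inproc) {
            [pscustomobject]@{
                Check       = 'ComHijack'
                Clsid       = $clsid
                UserDll     = $inproc.'(default)'
                ShadowsHKLM = Test-Path -LiteralPath "HKLM:\SOFTWARE\Classes\CLSID\$clsid"
            }
        }
    }
}

function Get-RecentRootCerts {
    # T1553.004: shipped root CAs have NotBefore dates years in the past, so a
    # root whose validity starts inside the window is worth reviewing. NotBefore
    # is the certificate's own date, not the install time, so it is a heuristic.
    foreach ($store in 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root') {
        Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
            Where-Object { $_.NotBefore -ge $Since } |
            ForEach-Object {
                [pscustomobject]@{
                    Check      = 'RootCert'
                    Store      = $store
                    Subject    = $_.Subject
                    Thumbprint = $_.Thumbprint
                    NotBefore  = $_.NotBefore
                }
            }
    }
}

function Get-RecentDrivers {
    # Files written to System32\drivers inside the window. Many in-box drivers
    # are catalog-signed, so Status 'NotSigned' alone is not proof of tampering;
    # LastWriteTime can also be timestomped, so treat this as a lead only.
    Get-ChildItem -Path "$env:SystemRoot\System32\drivers" -File -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -ge $Since } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Check     = 'DriverDrop'
                Path      = $_.FullName
                Written   = $_.LastWriteTime
                Signature = $sig.Status
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            }
        }
}

$findings = @(Get-RecentServices) + @(Get-NetshHelpers) + @(Get-ComHijacks) +
            @(Get-RecentRootCerts) + @(Get-RecentDrivers)

# Each check yields objects with different columns, so print one table per check.
foreach ($group in ($findings | Group-Object Check)) {
    "== $($group.Name) ($($group.Count)) =="
    $group.Group | Format-Table -AutoSize | Out-String -Width 200
}
```

The script reads only the artifacts the report's signatures name, so it is a starting point for a responder rather than a detector for this sample; a COM hijack or Netsh helper hit should be followed by hashing the referenced DLL and comparing it against the report's SHA256 with `Get-FileHash -Algorithm SHA256`.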
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1
  Event Triggered Execution (T1546): 2
    Netsh Helper DLL (T1546.007): 1
    Component Object Model Hijacking (T1546.015): 1
Privilege Escalation
  Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1
  Event Triggered Execution (T1546): 2
    Netsh Helper DLL (T1546.007): 1
    Component Object Model Hijacking (T1546.015): 1
Defense Evasion
  Modify Registry (T1112): 3
  Subvert Trust Controls (T1553): 1
    Install Root Certificate (T1553.004): 1
1