General

  • Target

    7z2405-x64.exe

  • Size

    1.5MB

  • Sample

    240909-ka77es1hjc

  • MD5

    c73433dd532d445d099385865f62148b

  • SHA1

    4723c45f297cc8075eac69d2ef94e7e131d3a734

  • SHA256

    12ef1c8127ec3465520e4cfd23605b708d81a5a2cf37ba124f018e5c094de0d9

  • SHA512

    1211c8b67652664d6f66e248856b95ca557d4fdb4ea90d30df68208055d4c94fea0d158e7e6a965eae5915312dee33f62db882bb173faec5332a17bd2fb59447

  • SSDEEP

    49152:ZEVAbJqaITViU3qLkr7toP9KT+uv6WC+5uxe1o58:ZEVcqeUaki9oBqt+

Malware Config

Targets

    • Target

      7z2405-x64.exe

    • Size

      1.5MB

    • MD5

      c73433dd532d445d099385865f62148b

    • SHA1

      4723c45f297cc8075eac69d2ef94e7e131d3a734

    • SHA256

      12ef1c8127ec3465520e4cfd23605b708d81a5a2cf37ba124f018e5c094de0d9

    • SHA512

      1211c8b67652664d6f66e248856b95ca557d4fdb4ea90d30df68208055d4c94fea0d158e7e6a965eae5915312dee33f62db882bb173faec5332a17bd2fb59447

    • SSDEEP

      49152:ZEVAbJqaITViU3qLkr7toP9KT+uv6WC+5uxe1o58:ZEVcqeUaki9oBqt+

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks