Resubmissions

  • 17-09-2024 18:15    240917-wwdeqaxclh    3

  • 17-09-2024 18:12    240917-wtgpcsxbmh    3

  • 17-09-2024 18:09    240917-wrmslaxbkl    8

  • 17-09-2024 18:08    240917-wqx7yaxajf    3

  • 16-09-2024 14:30    240916-rt67sssfjm    10

General

  • Target

    RNSM00481.7z

  • Size

    91.0MB

  • Sample

    240917-wrmslaxbkl

  • MD5

    b5fd3ccf036ee81814eee3b9f0e54643

  • SHA1

    7aae850b68fe3234ec0e835113db033f57ab779d

  • SHA256

    d73798bca8ae78c37444470da1322fe301418fb534417877d988751bf1da5e18

  • SHA512

    f900ad590f822410eb30c9a43b886eae95aa0af44dba2a5bf8779471df410ae4ddf19328c17a5a3578a1fde272771231c9b5ea53218d44e925936d3be264ee90

  • SSDEEP

    1572864:MN+sx1CnlGBt7cSjEZn+G6Yawe/IO1ZT5K605B5W79ldy2IkuNcyaG9fA:Mwsx1ulyBCnYYaw8/T5wBQ/uNfaIA

Targets

    • Downloads MZ/PE file

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15