General

  • Target: sample

  • Size: 502KB

  • Sample: 240918-3bd9vaycne

  • MD5: a63053d6b25c2b2246c3376202aa28e9

  • SHA1: a7fd30ffd3d414badec0f20008a2222170b45e9b

  • SHA256: a543866bf3540ffc1076fce10741a40adfe6cd3e25a4c1dae7ef5690c05df935

  • SHA512: 0fe15a75f52dccf6fae8e131346b9c320aa98ffdc27c0d556284ea823c37a607622862e2a550a1939b3218a57d6c41ab78dee564ee619e393c9cc584ca56d931

  • SSDEEP: 6144:CSlryDryHry+ry9ry6ryWryAryDrylryiP0:CIrwrmrPrur/rnrDr0rgrfP0

Malware Config

Targets

    • Downloads MZ/PE file

    • Event Triggered Execution: Image File Execution Options Injection

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks