General
-
Target
ep_setup.exe
-
Size
10.0MB
-
Sample
240921-acfvvawbnm
-
MD5
45a5a443c01abd7618efef4827241312
-
SHA1
5390d36a371f0598b86301961d5fdb329e368e7a
-
SHA256
d7f98b8af8a3bfe9d93ce31558a62e4d5d0cd425bc30bbc0d517901e5b82bf46
-
SHA512
0df6330a020ce3b52320f087f56023db069b56d4579b43a9827b8158be430585b88fb43d98004eae4e7a05f85086f5762da17f51af95fdb302669ae1c581f734
-
SSDEEP
196608:aZN5gB3uI0Bn+2N8cL0yiao2ItCC2bO+WxNtTYneFC5YbMvr5GM6BZ2r34:QzgN4Bz7ieTCIKNtUniYYAvE
Malware Config
Targets
-
-
Target
ep_setup.exe
-
Size
10.0MB
-
MD5
45a5a443c01abd7618efef4827241312
-
SHA1
5390d36a371f0598b86301961d5fdb329e368e7a
-
SHA256
d7f98b8af8a3bfe9d93ce31558a62e4d5d0cd425bc30bbc0d517901e5b82bf46
-
SHA512
0df6330a020ce3b52320f087f56023db069b56d4579b43a9827b8158be430585b88fb43d98004eae4e7a05f85086f5762da17f51af95fdb302669ae1c581f734
-
SSDEEP
196608:aZN5gB3uI0Bn+2N8cL0yiao2ItCC2bO+WxNtTYneFC5YbMvr5GM6BZ2r34:QzgN4Bz7ieTCIKNtUniYYAvE
Score8/10-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Stops running service(s)
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Active Setup
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Component Object Model Hijacking
1Privilege Escalation
Boot or Logon Autostart Execution
1Active Setup
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Component Object Model Hijacking
1