General
- Target: WELL3900.zip
- Size: 15.5MB
- Sample: 240927-n8zjqa1gqj
- MD5: 30c2663b04c7f40cfa317f1211de5095
- SHA1: c8dc380ae9f81ccd81530f0883d0bbc8dd6ba189
- SHA256: 4752e741be139eb1b577ce3adb5886b7df8e952adcbbeba6024390446ed033f4
- SHA512: 500d6042abc96bae41d0824c90f4cc454f0831d238e159151141c36f793d91eae62f82db6a1a06a5e63054c466fb42e083c07adaa958bd7b5acab3380e47d4eb
- SSDEEP: 393216:RcDwGjvX0YpjLPEWL7i0AXzGeZ3WNI7iGSZmv6:RuwWX0Y9EXaeZmG7i5my
Static task: static1
Behavioral task: behavioral1
- Sample: WELL3900.zip
- Resource: win11-20240802-en
Malware Config
Targets
- Target: WELL3900.zip
Score: 7/10
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops desktop.ini file(s)
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Event Triggered Execution (2)
  - Change Default File Association (1)
  - Component Object Model Hijacking (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Event Triggered Execution (2)
  - Change Default File Association (1)
  - Component Object Model Hijacking (1)