3c649b9ecc218d6ec4051eece717e900a65943161d15cd57d467f49a8e73e489 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

RogueKillerPEShell.dll
Size

3.2MB
Sample

240927-yv7y2sxckk
MD5

4c2b29faa1dc61f042eaf209407efc1c
SHA1

de8ddbb009339774a175c413039ae8517d7685f3
SHA256

3c649b9ecc218d6ec4051eece717e900a65943161d15cd57d467f49a8e73e489
SHA512

cb8dadf3eaee9870b13df7f3db72ea8353a558530c64b0b7a7ec09033aafdfcf9ba0f3cdac0032143b98e9af36b3e8980a05cd428e57b95346e547e8eafba805
SSDEEP

49152:pS6VqJVtygaZz6ee3mKeIYv1Xdp2liKwzCaqZR/56VM6w7AeYWxpXZwR+iPLbWTq:X7CeN1A6ViA+UbTb

Score

7^/10

persistence privilege_escalation

Malware Config

Targets

- Target
  
  RogueKillerPEShell.dll
- Size
  
  3.2MB
- MD5
  
  4c2b29faa1dc61f042eaf209407efc1c
- SHA1
  
  de8ddbb009339774a175c413039ae8517d7685f3
- SHA256
  
  3c649b9ecc218d6ec4051eece717e900a65943161d15cd57d467f49a8e73e489
- SHA512
  
  cb8dadf3eaee9870b13df7f3db72ea8353a558530c64b0b7a7ec09033aafdfcf9ba0f3cdac0032143b98e9af36b3e8980a05cd428e57b95346e547e8eafba805
- SSDEEP
  
  49152:pS6VqJVtygaZz6ee3mKeIYv1Xdp2liKwzCaqZR/56VM6w7AeYWxpXZwR+iPLbWTq:X7CeN1A6ViA+UbTb
Score

7^/10

persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistenceprivilege_escalation

behavioral2

persistenceprivilege_escalation