Overview

overview

6

Static

static

1

Eufonia-Cl...64.msi

windows7-x64

6

Eufonia-Cl...64.msi

windows10-2004-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Eufonia-Client-windows-x86_64.msi

  • Size

    29.5MB

  • Sample

    240928-n627tsvdln

  • MD5

    043c5c1502dc00487a1dfd99b62732b2

  • SHA1

    67c284c5852bd2af91a55ec5d08f792de666e0bb

  • SHA256

    bb55abbc7bb2f87fcf349d3483497c76f8c9fb2923fe54f9d8c662fdc57a8c5a

  • SHA512

    8ae98e4bae3299095e9b3d668f5cea7155cc0eab471be6fbd278b15593fd79dda4de5ff45554ffeca5b5cfc0e8f4c6194acb55e12d18a2eeeb8596e4dbd8ed08

  • SSDEEP

    786432:GVuXoaq7A/9YtfMYsdBV05XO7rNBGFwgNE9H6F1Ioy:GUXoaqmQzYKO7poFBk6Lc

Score
6/10
discoverypersistenceprivilege_escalation

Malware Config

Targets

    • Target

      Eufonia-Client-windows-x86_64.msi

    • Size

      29.5MB

    • MD5

      043c5c1502dc00487a1dfd99b62732b2

    • SHA1

      67c284c5852bd2af91a55ec5d08f792de666e0bb

    • SHA256

      bb55abbc7bb2f87fcf349d3483497c76f8c9fb2923fe54f9d8c662fdc57a8c5a

    • SHA512

      8ae98e4bae3299095e9b3d668f5cea7155cc0eab471be6fbd278b15593fd79dda4de5ff45554ffeca5b5cfc0e8f4c6194acb55e12d18a2eeeb8596e4dbd8ed08

    • SSDEEP

      786432:GVuXoaq7A/9YtfMYsdBV05XO7rNBGFwgNE9H6F1Ioy:GUXoaqmQzYKO7poFBk6Lc

    Score
    6/10
    discoverypersistenceprivilege_escalation

    • Downloads MZ/PE file

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Event Triggered Execution: Image File Execution Options Injection

      persistence

    • Drops file in System32 directory

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

3
T1546

Component Object Model Hijacking

1
T1546.015

Image File Execution Options Injection

1
T1546.012

Installer Packages

1
T1546.016

Privilege Escalation

Event Triggered Execution

3
T1546

Component Object Model Hijacking

1
T1546.015

Image File Execution Options Injection

1
T1546.012

Installer Packages

1
T1546.016

Defense Evasion

System Binary Proxy Execution

1
T1218

Msiexec

1
T1218.007

Credential Access

Discovery

Peripheral Device Discovery

1
T1120

Query Registry

3
T1012

System Information Discovery

3
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Internet Connection Discovery

1
T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.