8f92101d2a894e756a78588139af3e48b9e27da7364c4fb5cf7153c673494fef | Triage

Sharing

General

Target

yt-dlp-gui.exe
Size

81.1MB
Sample

240929-ln7ngs1glg
MD5

6f3c85a4b583f3106733147e2d4c8dc0
SHA1

916f5d02c3acc3428bc835742f82e35119b15bac
SHA256

8f92101d2a894e756a78588139af3e48b9e27da7364c4fb5cf7153c673494fef
SHA512

813407932635bd363cb4f3e8da73d09b6b551df4014542bb5493623b6d4ee5a5bc19dd96304ad0b4ca7ce57377b0fcb5624d59a331116965d3d60a2aeb699955
SSDEEP

1572864:p9T8RtFkr3E0TMcvsTKpfRXUEgh74zObyfSvx+mm6BPNj0OsgRB:p9wRtFkr3JTN3fNUE64qbI2m6B1jBlRB

Score

7^/10

persistence privilege_escalation

Malware Config

Targets

- Target
  
  yt-dlp-gui.exe
- Size
  
  81.1MB
- MD5
  
  6f3c85a4b583f3106733147e2d4c8dc0
- SHA1
  
  916f5d02c3acc3428bc835742f82e35119b15bac
- SHA256
  
  8f92101d2a894e756a78588139af3e48b9e27da7364c4fb5cf7153c673494fef
- SHA512
  
  813407932635bd363cb4f3e8da73d09b6b551df4014542bb5493623b6d4ee5a5bc19dd96304ad0b4ca7ce57377b0fcb5624d59a331116965d3d60a2aeb699955
- SSDEEP
  
  1572864:p9T8RtFkr3E0TMcvsTKpfRXUEgh74zObyfSvx+mm6BPNj0OsgRB:p9wRtFkr3JTN3fNUE64qbI2m6B1jBlRB
Score

7^/10

persistence privilege_escalation
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

persistenceprivilege_escalation