Overview

overview

7

Static

static

3

Install_Th....1.exe

windows7-x64

7

Install_Th....1.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Install_TheFastestMouseClicker_2.6.1.1.exe

  • Size

    6.9MB

  • Sample

    241003-ldc15azama

  • MD5

    988352f746d41587b1e2949cfcc49436

  • SHA1

    de43453528554514632eadf4c813306a7bb2c99f

  • SHA256

    d9c80324b7994e86dcf3c6988008feca2e5e2fd164c2e9f09991ac772aebe2cf

  • SHA512

    30e589211ce8a704b0ba75059454bf846e14fe9d64ffd8a72d75cc353072bb0fabf0f69cbf9226002edc11e5157bae1da964eb4b6c76e208dcbfe77c96542076

  • SSDEEP

    98304:wwREbzeIY/AMAWXchJ138Jrb9+//2pbkkf4SNjXcj8roDiEjwA:ALY/hMhJN8pRk/2pRfpNjXcj/iEkA

Score
7/10
microsoftdiscoverypersistencephishing

Malware Config

Targets

    • Target

      Install_TheFastestMouseClicker_2.6.1.1.exe

    • Size

      6.9MB

    • MD5

      988352f746d41587b1e2949cfcc49436

    • SHA1

      de43453528554514632eadf4c813306a7bb2c99f

    • SHA256

      d9c80324b7994e86dcf3c6988008feca2e5e2fd164c2e9f09991ac772aebe2cf

    • SHA512

      30e589211ce8a704b0ba75059454bf846e14fe9d64ffd8a72d75cc353072bb0fabf0f69cbf9226002edc11e5157bae1da964eb4b6c76e208dcbfe77c96542076

    • SSDEEP

      98304:wwREbzeIY/AMAWXchJ138Jrb9+//2pbkkf4SNjXcj8roDiEjwA:ALY/hMhJN8pRk/2pRfpNjXcj/iEkA

    Score
    7/10
    discoverymicrosoftpersistencephishing

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Detected potential entity reuse from brand MICROSOFT.

      phishingmicrosoft

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Browser Information Discovery

1
T1217

Query Registry

2
T1012

Remote System Discovery

1
T1018

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Internet Connection Discovery

1
T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks