Overview

overview

8

Static

static

1

LDPlayer9_...ld.exe

windows11-21h2-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    LDPlayer9_ens_1001_ld.exe

  • Size

    2.5MB

  • Sample

    241014-jl9nyswhkr

  • MD5

    9855e448af8561fc920d69a7b45a309b

  • SHA1

    9ceb185e61fde58d6db6e3c4e2e7932ca53ce712

  • SHA256

    aebbda8979b54ca3094e835ec7bffb08aca6c79480675d46bc5df75d9750a583

  • SHA512

    a37495c629c9fd636702f1e1479b0ffd8c7b921cc914a7208478d2b9c348149634bd7736ed41d6627902e8b8e5d5316dbeb3d5783b93574a48b7fb1786fc6d6c

  • SSDEEP

    49152:XNfatughHaKLIKN1cueXlaYbsISTb/am5B8y6sEUhSSwoUKd:Xla4ghHaKMu2IYbsIW/amj8yF8SN

Score
8/10
discoveryexecutionexploitpersistenceprivilege_escalation

Malware Config

Targets

    • Target

      LDPlayer9_ens_1001_ld.exe

    • Size

      2.5MB

    • MD5

      9855e448af8561fc920d69a7b45a309b

    • SHA1

      9ceb185e61fde58d6db6e3c4e2e7932ca53ce712

    • SHA256

      aebbda8979b54ca3094e835ec7bffb08aca6c79480675d46bc5df75d9750a583

    • SHA512

      a37495c629c9fd636702f1e1479b0ffd8c7b921cc914a7208478d2b9c348149634bd7736ed41d6627902e8b8e5d5316dbeb3d5783b93574a48b7fb1786fc6d6c

    • SSDEEP

      49152:XNfatughHaKLIKN1cueXlaYbsISTb/am5B8y6sEUhSSwoUKd:Xla4ghHaKMu2IYbsIW/amj8yF8SN

    Score
    8/10
    discoveryexecutionexploitpersistenceprivilege_escalation

    • Creates new service(s)

      persistenceexecution

    • Manipulates Digital Signatures

      Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

    • Possible privilege escalation attempt

      exploit

    • Modifies file permissions

      discovery

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation
    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

1
T1569

Service Execution

1
T1569.002

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Component Object Model Hijacking

1
T1546.015

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Component Object Model Hijacking

1
T1546.015

Defense Evasion

File and Directory Permissions Modification

1
T1222

Modify Registry

1
T1112

Subvert Trust Controls

1
T1553

SIP and Trust Provider Hijacking

1
T1553.003

Credential Access

Discovery

Browser Information Discovery

1
T1217

Peripheral Device Discovery

1
T1120

Query Registry

4
T1012

System Information Discovery

4
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks