Resubmissions

16/10/2024, 09:46

241016-lrvs4axgnp 8

16/10/2024, 09:31

241016-lg64datara 8

General

  • Target

    New Piskel.png

  • Size

    117B

  • Sample

    241016-lrvs4axgnp

  • MD5

    6238485b992ab4997b63e06a35b342d4

  • SHA1

    0b25faad25b0cfa04ad840ec8df7d193de0e92fd

  • SHA256

    87cce25672ddd1ea21d11d9ae85d97e279642c29b224b9c6406365b7ed2c0ec4

  • SHA512

    1207d0c2502d42bed0cab55a5c0bdc12083be76abc33fd677f13f7c744cb9cc52a389d97e8f085186a4cf05671144d1fc7c56cc27cd6780ac80c5d11a834c24a

Malware Config

Targets

    • Target

      New Piskel.png

    • Size

      117B

    • MD5

      6238485b992ab4997b63e06a35b342d4

    • SHA1

      0b25faad25b0cfa04ad840ec8df7d193de0e92fd

    • SHA256

      87cce25672ddd1ea21d11d9ae85d97e279642c29b224b9c6406365b7ed2c0ec4

    • SHA512

      1207d0c2502d42bed0cab55a5c0bdc12083be76abc33fd677f13f7c744cb9cc52a389d97e8f085186a4cf05671144d1fc7c56cc27cd6780ac80c5d11a834c24a

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Mark of the Web detected: This indicates that the page was originally saved or cloned.

    • Drops file in System32 directory

    • Probable phishing domain

MITRE ATT&CK Enterprise v15

Tasks