General

  • Target

    atera_installer.zip

  • Size

    2.4MB

  • Sample

    241017-m6xfxayakm

  • MD5

    68964d056cd68679eaaadb1d81773349

  • SHA1

    5e9e1091e65f8aa8c0ac875c79d9b79562a05583

  • SHA256

    27c7a09c008c93405629c44df399db0564219bbc30cc321eee08858679665287

  • SHA512

    afc427503187f486033895b230b28907233471befa92baf5d897ab424a554ac296c02181f1a7bd4b2a2d2cdb55e1cbd334c053717e141e5578e71d7113372aa4

  • SSDEEP

    49152:QOqA8tZ+oh93cDPU4Se/4dm0Fqnd7e0wJU1W3pGpDQ1zUEd4U45TuhYjNH:QOh8r7cbUU4M0wnd7e1JUo6M4nxiYpH

Malware Config

Targets

    • Target

      MuddyWater

    • Size

      2.6MB

    • MD5

      809334c0b55009c5a50f37e4eec63c43

    • SHA1

      24b60847bc0712c9ba0b8036c59ee16c211fa8bb

    • SHA256

      2722e289767ae391e3c3773b8640a8b9f6eb24c6a9d6e541f29c8765f7a8944b

    • SHA512

      a615b5ebce41db0ee6318d845daff393372fe4bf93d7f8af5f450df1ecdb9a9ebde9af39c40b5980b4d1002eb609ddffe6010247971842a855fd3922000322bd

    • SSDEEP

      49152:r51VAM5R2KAHlcp8qFmmzDza2Rqr+kMdPTEe/pjO8xn+ch/TzOFNOnUI:rPCMr2NMRmk/XeM9TEeRvx+ch/TzAr

    • AteraAgent

      AteraAgent is a remote monitoring and management tool.

    • Detects AteraAgent

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks