General
-
Target
Chrmroe-intraller.zip
-
Size
43.5MB
-
Sample
241022-h94xyawcnj
-
MD5
a3e977185a264c990dc7ca1487b859da
-
SHA1
de3ef94646f519960dc0dece943e2e4c4a4f0163
-
SHA256
46334ecbb566c047a2fd9fa81ca12789e9eb299f2dcc18b0c78255f8edae616a
-
SHA512
55548f866f76add63f66f3bfc160c82782a031543e80129a2928f916deba3d40cd867939d264aa57d19795a879a75a4475b13092628a58856635915db211ab5a
-
SSDEEP
786432:xVh8Mq3Aj14agU1tVfKsQ6uQYTPuxYnz16PYk7Q/6JkcVyUSu:ZkahtVfKs1uRuxYnz1s97QSJB/
Static task
static1
Behavioral task
behavioral1
Sample
Chrmroe-intraller.msi
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
Chrmroe-intraller.msi
-
Size
43.5MB
-
MD5
113a2eab7ccf51501146194bbaadb175
-
SHA1
de00c7a8ff5b49adec8bc44eba7f6332446f0e8f
-
SHA256
4cab134dbaf1059613f44da615292af5713a0aa3a0185abda0cf1ebf8a7dc9a4
-
SHA512
ce681034d9c3cad7367fa2a541401036651ce79385524b10f8ea0287c6c6e1bd307c82d339056d6f2e2fd48cbdd05e80650c1b5acb62b55772b4157d3ef9c13e
-
SSDEEP
786432:KPmAYqjq7J2mESTU1A2SBaUCAkEPstiz7Ngv9iJ67P3+OBrIU7:d4m5U1A2SMUxstiz7NGYJ673z9
-
Gh0st RAT payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Active Setup
1Event Triggered Execution
2Component Object Model Hijacking
1Installer Packages
1Privilege Escalation
Boot or Logon Autostart Execution
1Active Setup
1Event Triggered Execution
2Component Object Model Hijacking
1Installer Packages
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1