Resubmissions
Date                Sample ID             Score
01/11/2024, 14:54   241101-sabgfs1hnd     8
01/11/2024, 13:44   241101-q1s33szjhy     3
31/10/2024, 12:23   241031-pkqgksyekn     8
30/10/2024, 12:31   241030-pp1hcatbrh     8
30/10/2024, 05:49   241030-gjbm2awnew     10
29/10/2024, 13:23   241029-qnaqzawblk     8
28/10/2024, 18:37   241028-w9lm9aspaj     8
28/10/2024, 17:53   241028-wgjcessmg1     10
30/03/2024, 20:59   240330-zstjbaee3s     8

General
Target: Activator.exe
Size: 628KB
Sample: 241028-w9lm9aspaj
MD5: 05d594d09d9da2815c1be83eed268fca
SHA1: 725806deac12c65566e56e4c09eaa5cfa056a039
SHA256: edfaa64302a662837079d0196091bf93b0b9bd9e73441a94b306b67e0f90932f
SHA512: 450a4c792709191911095fda0906afa5014ca8127865ab3348abadb46c0df52aa4d5d209f024199e4896ce88ae9001d10f956b5310d2227ee12982fa2cb2e7cf
SSDEEP: 12288:UyZ5jbw9WUUGdQywTALbqUeQOy9gHPj5moXkjmYfiNTJad2U1vdlEboSV:UylkUypahuCPjUgg4TQ2Z
Static task: static1
Behavioral task: behavioral1
Sample: Activator.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: Activator.exe
Size: 628KB
MD5: 05d594d09d9da2815c1be83eed268fca
SHA1: 725806deac12c65566e56e4c09eaa5cfa056a039
SHA256: edfaa64302a662837079d0196091bf93b0b9bd9e73441a94b306b67e0f90932f
SHA512: 450a4c792709191911095fda0906afa5014ca8127865ab3348abadb46c0df52aa4d5d209f024199e4896ce88ae9001d10f956b5310d2227ee12982fa2cb2e7cf
SSDEEP: 12288:UyZ5jbw9WUUGdQywTALbqUeQOy9gHPj5moXkjmYfiNTJad2U1vdlEboSV:UylkUypahuCPjUgg4TQ2Z
Downloads MZ/PE file
Drops file in Drivers directory
Credentials from Password Stores: Windows Credential Manager
  Suspicious access to Credentials History.
Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
Executes dropped EXE
Loads dropped DLL
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
Legitimate hosting services abused for malware hosting/C2
Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Credential Access
  Credentials from Password Stores: 2
    Credentials from Web Browsers: 1
    Windows Credential Manager: 1
  Unsecured Credentials: 1
    Credentials In Files: 1