General
-
Target
0d47740bf97710835ebe91ac545ff0da45d81b54dfb8e2dea485fe5a123ae468.msi
-
Size
2.9MB
-
Sample
241031-cg8grsykdq
-
MD5
2ba70a300e16d1b51bd103de907777d8
-
SHA1
9774343aeb3b6f06593fc84a59422ef3b8cce66b
-
SHA256
0d47740bf97710835ebe91ac545ff0da45d81b54dfb8e2dea485fe5a123ae468
-
SHA512
a2ba8694ea4d014e4103ed02d11ba7309d0ce0f290f55f0d671710cdf61f6d06d976531469686325965966a2d9cd5a0b3a69f47ca5b351b40da03ffaf15d47bb
-
SSDEEP
49152:h+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:h+lUlz9FKbsodq0YaH7ZPxMb8tT
Behavioral task
behavioral1
Sample
0d47740bf97710835ebe91ac545ff0da45d81b54dfb8e2dea485fe5a123ae468.msi
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
0d47740bf97710835ebe91ac545ff0da45d81b54dfb8e2dea485fe5a123ae468.msi
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
0d47740bf97710835ebe91ac545ff0da45d81b54dfb8e2dea485fe5a123ae468.msi
-
Size
2.9MB
-
MD5
2ba70a300e16d1b51bd103de907777d8
-
SHA1
9774343aeb3b6f06593fc84a59422ef3b8cce66b
-
SHA256
0d47740bf97710835ebe91ac545ff0da45d81b54dfb8e2dea485fe5a123ae468
-
SHA512
a2ba8694ea4d014e4103ed02d11ba7309d0ce0f290f55f0d671710cdf61f6d06d976531469686325965966a2d9cd5a0b3a69f47ca5b351b40da03ffaf15d47bb
-
SSDEEP
49152:h+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:h+lUlz9FKbsodq0YaH7ZPxMb8tT
-
Ateraagent family
-
Detects AteraAgent
-
Blocklisted process makes network request
-
Drops file in Drivers directory
-
Downloads MZ/PE file
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
MITRE ATT&CK Enterprise v15
Persistence
Event Triggered Execution
2Component Object Model Hijacking
1Installer Packages
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Event Triggered Execution
2Component Object Model Hijacking
1Installer Packages
1Defense Evasion
Modify Registry
1Pre-OS Boot
1Bootkit
1Subvert Trust Controls
1Install Root Certificate
1System Binary Proxy Execution
1Msiexec
1