General
-
Target
sample
-
Size
66KB
-
Sample
241104-zbrcmaxclp
-
MD5
cd1b57f91a68cc5b241ca6b07499aa0f
-
SHA1
868e51ad2a98642c5a91d2f0b4d65cd6bf8f97f3
-
SHA256
7909ad298eba1b0e68c4e7a905563960e39bf5fdc324663e91dc9bf1af7e4565
-
SHA512
c61b85472831fc0e115f75106d8fba08d83be592e7e9ec567eacd45c146fe9e1d35c5d970642687dcff9f6452098ab13eb952057e42c79865c8e72138fc3d8f4
-
SSDEEP
1536:a69UFLCCwNieu/behNFZuSuWtWWxnqio1HSEpqc2SkASNWjII6ZsnJVrYa5vfu6c:l9UFLhwskqio1HSEpqc2SkASNWjII6Zx
Static task
static1
Behavioral task
behavioral1
Sample
sample.js
Resource
win11-20241007-en
Malware Config
Targets
-
-
Target
sample
-
Size
66KB
-
MD5
cd1b57f91a68cc5b241ca6b07499aa0f
-
SHA1
868e51ad2a98642c5a91d2f0b4d65cd6bf8f97f3
-
SHA256
7909ad298eba1b0e68c4e7a905563960e39bf5fdc324663e91dc9bf1af7e4565
-
SHA512
c61b85472831fc0e115f75106d8fba08d83be592e7e9ec567eacd45c146fe9e1d35c5d970642687dcff9f6452098ab13eb952057e42c79865c8e72138fc3d8f4
-
SSDEEP
1536:a69UFLCCwNieu/behNFZuSuWtWWxnqio1HSEpqc2SkASNWjII6ZsnJVrYa5vfu6c:l9UFLhwskqio1HSEpqc2SkASNWjII6Zx
-
Blocklisted process makes network request
-
Contacts a large (502) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Manipulates Digital Signatures
Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Password Policy Discovery
Attempt to access detailed information about the password policy used within an enterprise network.
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Modify Registry
3Subvert Trust Controls
2Install Root Certificate
1SIP and Trust Provider Hijacking
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1Discovery
Browser Information Discovery
1Network Service Discovery
2Network Share Discovery
1Password Policy Discovery
1Peripheral Device Discovery
2Query Registry
5System Information Discovery
6System Location Discovery
1System Language Discovery
1