Resubmissions

09/11/2024, 15:22    241109-srvxeswkhx    7
09/11/2024, 15:13    241109-sl63hazkek    7

General

  • Target

    payload-terbaru.exe

  • Size

    4.0MB

  • Sample

    241109-sl63hazkek

  • MD5

    2ca04cd7c9bda09b27658fd66d46a348

  • SHA1

    8ecd10505fd2a2cfa5e4c853bc66e80580aa21a2

  • SHA256

    4635aff3a0adcd7731a2807cf1f6e4c764829cbec4ba0ad09a36474b2a04114a

  • SHA512

    ecf05a1d910492fb60b1eaf5d1458cead071705b6cc64ed804bb808275f7c294a7bbf4a2641c5eaa73c0a945e41c163c5884e52de4c33508b31f1713b27c0d78

  • SSDEEP

    98304:kFXvGEh0QXep4jEt9D1KOORltyWtUmaMYPyb:kNnh0ge2jKROQB

Targets

    • Target

      payload-terbaru.exe

    • Size

      4.0MB

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects. Per-user CLSID entries under HKCU\Software\Classes take precedence over the machine-wide ones under HKLM\Software\Classes, so the hijack needs no administrative rights (ATT&CK T1546.015).

    • Executes dropped EXE

      Runs an executable that the sample itself wrote to disk.

    • Loads dropped DLL

      Loads a DLL that the sample itself wrote to disk.

    • Modifies system executable filetype association

      Rewrites the shell open command registered for executables (the exefile\shell\open\command value, whose default is "%1" %*), so that any program the user launches is routed through the sample first (ATT&CK T1546.001).

    • Adds Run key to start application

      Writes a value under a CurrentVersion\Run key so the program is started again at every logon (ATT&CK T1547.001).

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system (ATT&CK T1518, T1012).

    • Drops desktop.ini file(s)

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments (ATT&CK T1082, T1497).

    • UPX packed file

      Detects executables packed with the UPX (or a modified UPX) open-source packer. UPX is also widely used by legitimate software, so packing on its own is an obfuscation indicator (ATT&CK T1027.002), not a verdict.
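The UPX signature above is driven by the section table and the packer magic. The following is an added example, not the sandbox's own detection logic and not code from the report: a minimal PE section-table parser with three checks (UPX0/UPX1 section names, the `UPX!` marker, and the empty-first-section layout that survives when a modified UPX renames its sections). The PE images it runs on are constructed inline by `build_pe` and are not the report's sample; `build_pe`, `pe_sections` and `detect_upx` are names chosen for this example.

```python
import struct

# IMAGE_SECTION_HEADER: Name[8], VirtualSize, VirtualAddress, SizeOfRawData,
# PointerToRawData, PointerToRelocations, PointerToLinenumbers,
# NumberOfRelocations, NumberOfLinenumbers, Characteristics  (40 bytes)
SECTION_HEADER_FMT = "<8sIIIIIIHHI"
SECTION_HEADER_SIZE = struct.calcsize(SECTION_HEADER_FMT)


def pe_sections(data):
    """Return [(name, VirtualSize, SizeOfRawData)] from a PE image's section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                     # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]  # SizeOfOptionalHeader
    table = coff + 20 + size_opt                             # first section header
    out = []
    for i in range(num_sections):
        f = struct.unpack_from(SECTION_HEADER_FMT, data, table + i * SECTION_HEADER_SIZE)
        name = f[0].rstrip(b"\x00").decode("ascii", "replace")
        out.append((name, f[1], f[3]))
    return out


def detect_upx(data):
    """Return the list of UPX indicators found (empty list means none)."""
    sections = pe_sections(data)
    reasons = []
    if any(name.startswith("UPX") for name, _, _ in sections):
        reasons.append("upx-section-names")          # stock UPX: UPX0 / UPX1 / UPX2
    if b"UPX!" in data:
        reasons.append("upx-magic")                  # packer header marker
    # Renamed ("modified") UPX keeps the layout: the first section has no data on
    # disk but a large virtual size (room for the unpacked image), and the stub
    # plus compressed data live in the second section.
    if len(sections) >= 2 and sections[0][2] == 0 and sections[0][1] > 0 and sections[1][2] > 0:
        reasons.append("empty-first-section-layout")
    return reasons


def build_pe(sections, trailer=b""):
    """Build a minimal, non-runnable PE32 image (constructed test data, not a real sample).

    sections: list of (name_bytes, VirtualSize, SizeOfRawData).
    """
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    size_opt = 0xE0                                          # PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, size_opt, 0x0102)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    table = b"".join(
        struct.pack(SECTION_HEADER_FMT, name.ljust(8, b"\x00"), vsize,
                    0x1000 * (i + 1), rsize, 0, 0, 0, 0, 0, 0x60000020)
        for i, (name, vsize, rsize) in enumerate(sections))
    return bytes(dos) + b"PE\x00\x00" + coff + bytes(opt) + table + trailer


# Constructed images: stock UPX layout with magic, an unpacked image, and a
# renamed-section UPX layout that only the layout heuristic catches.
PACKED = build_pe([(b"UPX0", 0x2000, 0), (b"UPX1", 0x1000, 0x1000), (b".rsrc", 0x200, 0x200)],
                  trailer=b"UPX!")
CLEAN = build_pe([(b".text", 0x1000, 0x1000), (b".data", 0x200, 0x200)])
RENAMED = build_pe([(b".code", 0x2000, 0), (b".pack", 0x1000, 0x1000)])

if __name__ == "__main__":
    for label, image in (("packed", PACKED), ("clean", CLEAN), ("renamed", RENAMED)):
        print(label, detect_upx(image))
```

On a real file, read it with `open(path, "rb").read()` and pass the bytes to `detect_upx`. When only the section-name or magic checks fire, `upx -d` will usually restore the original binary; when only the layout heuristic fires, the packer header has been altered and the sample has to be dumped from memory after the stub has run.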

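The COM hijacking, executable file-association and Run key signatures above all leave registry artifacts that can be hunted for on other hosts. The following is an added example, not the sandbox's detection logic and not code from the report: it parses a `.reg` export and flags the three artifact types, marking whether the referenced binary lives in a user-writable location. The export text is constructed for this example (the CLSID is a placeholder and every path is invented); `parse_reg_export`, `scan_reg_export` and `user_writable` are names chosen here.

```python
import re

# Constructed .reg export for the example; not taken from the sandbox run.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Users\\victim\\AppData\\Roaming\\svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="%windir%\\system32\\SecurityHealthSystray.exe"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Users\\victim\\AppData\\Local\\Temp\\loader.exe\" \"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Users\\victim\\AppData\\Roaming\\hook.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Windows\\System32\\shell32.dll"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
RUN_RE = re.compile(r'\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$', re.I)
EXEFILE_RE = re.compile(r'\\exefile\\shell\\open\\command$', re.I)
COM_RE = re.compile(r'\\Classes\\CLSID\\\{[0-9A-F-]{36}\}\\(InprocServer32|LocalServer32)$', re.I)
DEFAULT_EXE_COMMAND = '"%1" %*'          # stock value of exefile\shell\open\command
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\", "\\downloads\\")


def _unescape(s):
    """Undo .reg string escaping: \\ -> \ and \" -> \" """
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg_export(text):
    """Return (key, value_name, data) triples; string data is unescaped, other types kept raw."""
    entries, key, pending = [], None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):          # hex: values continue on the next line
            pending = line[:-1]
            continue
        pending = ""
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name = "(Default)" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
            data = m.group(2)
            if data.startswith('"') and data.endswith('"'):
                data = _unescape(data[1:-1])
            entries.append((key, name, data))
    return entries


def user_writable(path):
    """Heuristic: does the command line point into a location a normal user can write?"""
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def scan_reg_export(text):
    """Flag Run keys, a changed .exe association, and per-user / user-writable COM servers."""
    findings = []
    for key, name, data in parse_reg_export(text):
        hive = key.split("\\", 1)[0].upper()
        finding = dict(key=key, value=name, data=data, user_writable=user_writable(data))
        if RUN_RE.search(key):
            findings.append(dict(technique="run_key", **finding))
        elif EXEFILE_RE.search(key) and name == "(Default)" and data != DEFAULT_EXE_COMMAND:
            findings.append(dict(technique="exe_association_hijack", **finding))
        elif COM_RE.search(key) and name == "(Default)":
            # HKCU\Software\Classes shadows HKLM, so any per-user server is worth a look;
            # a machine-wide server only matters if it points somewhere user-writable.
            if hive == "HKEY_CURRENT_USER" or finding["user_writable"]:
                findings.append(dict(technique="com_hijack", **finding))
    return findings


if __name__ == "__main__":
    for f in scan_reg_export(SAMPLE_REG):
        print(f["technique"], f["key"], f["value"], "->", f["data"], "(user-writable)" if f["user_writable"] else "")
```

Export the hives with `reg export HKCU hkcu.reg` (and the same for HKLM and HKCR) and feed the file contents to `scan_reg_export`. Run key entries are reported whether or not they look suspicious, because the legitimate baseline differs per host; the `user_writable` flag is what separates the two Run entries in the constructed sample.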
MITRE ATT&CK Enterprise v15