General

  • Target

    sample

  • Size

    19KB

  • Sample

    241109-w4zb6asmfk

  • MD5

    d3260b3ae124de98bc3ae66eb7207eea

  • SHA1

    51648038a817e3d7498eba8ba33cbb6cd751e94c

  • SHA256

    1574e033e2aade93e29879505b3d27efb9d6a31a819eb3e11028fabe8c9ad87b

  • SHA512

    870ea2113b41ce9dbc4ff1393b0a49f1bdd530ae251acf545b222547b35a6125763dd52a8617f57937e1c729f3d20c2b1506c3d7d422664aa6313c556133fcc1

  • SSDEEP

    384:QPZspa1ocy4Y4lbGanMvhpN9aj0mj2b7nBY0CO/Wf21xCejiw:Qb1ocy4XEaMJpNEj0dnBY0CO/0IxPiw

Targets

    • Downloads MZ/PE file

    • A potential corporate email address has been identified in the URL: F207D74D549850760A4C98C6@AdobeOrg

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15