Resubmissions

  • 10-11-2024 01:42 — 241110-b41vrswgrj — 8
  • 10-11-2024 01:38 — 241110-b2c1xswkft — 8
  • 10-11-2024 01:32 — 241110-bx637swjhx — 8

General

  • Target: fnaf plus restored.exe
  • Size: 937KB
  • Sample: 241110-b2c1xswkft
  • MD5: 10fccccf042d47d4bf56bb1bc5e04273
  • SHA1: 42268e93106a8b9831f1750dbda236137d37542c
  • SHA256: 60ccfd2af3e5f68d1b1fa36140e97a65411f0ce26da19768933cd5128fe342fb
  • SHA512: ef5f4cca065311aae4b3d35c74de5d2daeebb36396e0a15fa5a544460ccb8ef82dd2efa7efae1afa0bb76468e9986c2e3dfa37cfbca1c01ca212c9379b3b36a9
  • SSDEEP: 12288:qUDU9hdC/8PqDaPcUewtn10Gkt+Tu8mTLUyitik5ZEXhttD:qIU9hB5Bkt+TmYti8ZErtD

Malware Config

Targets

    • Target: fnaf plus restored.exe
    • Size: 937KB
    • MD5: 10fccccf042d47d4bf56bb1bc5e04273
    • SHA1: 42268e93106a8b9831f1750dbda236137d37542c
    • SHA256: 60ccfd2af3e5f68d1b1fa36140e97a65411f0ce26da19768933cd5128fe342fb
    • SHA512: ef5f4cca065311aae4b3d35c74de5d2daeebb36396e0a15fa5a544460ccb8ef82dd2efa7efae1afa0bb76468e9986c2e3dfa37cfbca1c01ca212c9379b3b36a9
    • SSDEEP: 12288:qUDU9hdC/8PqDaPcUewtn10Gkt+Tu8mTLUyitik5ZEXhttD:qIU9hB5Bkt+TmYti8ZErtD

    Signatures:

    • Downloads MZ/PE file
    • Event Triggered Execution: Image File Execution Options Injection
    • Event Triggered Execution: Component Object Model Hijacking
      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
    • Executes dropped EXE
    • Loads dropped DLL
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.
    • Checks whether UAC is enabled
    • Checks system information in the registry
      System information is often read in order to detect sandboxing environments.
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks