General

  • Target

    b1.exe

  • Size

    1.6MB

  • Sample

    241111-2apths1nfp

  • MD5

    ce0bc75850960ef518cb8587361a89e7

  • SHA1

    e905a79ddd32771a5863539703b7888af239d810

  • SHA256

    c38c3ea3cd896f40ecba6f03b56008d19ed91e7589d443df90d06dd49092312c

  • SHA512

    81c016341dc9f80a385e338c67d724af1e80bc6b21c2eed04c87baa2b1af73077443c354a1f7f99badbabc82b7a434846d9a0fa874d99f902e404dbaa0622753

  • SSDEEP

    24576:ZD376QJDRqQaDg8OjdCMDuJOU1D9bAG2mEAb/JGKRPn03DT90rL:ZPdJ9ZenBOU19bN2mEGxJRP0l0rL

Targets

    • Downloads MZ/PE file

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and other sensitive data.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Detected potential entity reuse from brand MICROSOFT.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15