General

  • Target

    f809a6f2381f87db08fe2f201316513d350b4316aeda3bb7183b2d187019aae6N

  • Size

    1.1MB

  • Sample

    241111-pkhrqsyket

  • MD5

    e18d883029c3453877b98dba1737d260

  • SHA1

    3d75efed1e0d0e32bd9dfd5b6e8806752245f383

  • SHA256

    f809a6f2381f87db08fe2f201316513d350b4316aeda3bb7183b2d187019aae6

  • SHA512

    5948477fd4897de4ee1d4bc5cf24f196090a2cc80026572832439e142a8b05132b78eb5e61f9b31345eee0d9b5181d6015968cf45fe3087bc68a9088ce46af15

  • SSDEEP

    24576:mc6DlaYpwLw14FSso+tGz66zbx9o8oIux3X0+:mc6DlvOLw14ojB66zbxHoIuW

Malware Config

Targets

    • Target

      f809a6f2381f87db08fe2f201316513d350b4316aeda3bb7183b2d187019aae6N

    • Drops startup file

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks