General
-
Target
downloads.ico
-
Size
73KB
-
Sample
241112-eb1k3stjft
-
MD5
d8b2fa3ea1aeec8de95bce5eb474e110
-
SHA1
23493e708b7e3fec1080ba3f0698633f87e18bb7
-
SHA256
fafdf81d1d5c874bc6fc385f0cafe1fc23ded7208781fe59ee525b887e063989
-
SHA512
ea3251a88f417b8d22eb2ac225a12f1c00b487ca49239ea0a4d381edf067b0e782bd994b6c9fd25fe2d7d4ddaff7558ac7bee082b5332ed3b914442bb4a1270d
-
SSDEEP
1536:3032KyRU1+W616iObpRlXVrlGdHIEPWsDvFY0/om:3kd+hUBpRKPvO0/om
Malware Config
Targets
-
-
Target
downloads.ico
-
Size
73KB
-
MD5
d8b2fa3ea1aeec8de95bce5eb474e110
-
SHA1
23493e708b7e3fec1080ba3f0698633f87e18bb7
-
SHA256
fafdf81d1d5c874bc6fc385f0cafe1fc23ded7208781fe59ee525b887e063989
-
SHA512
ea3251a88f417b8d22eb2ac225a12f1c00b487ca49239ea0a4d381edf067b0e782bd994b6c9fd25fe2d7d4ddaff7558ac7bee082b5332ed3b914442bb4a1270d
-
SSDEEP
1536:3032KyRU1+W616iObpRlXVrlGdHIEPWsDvFY0/om:3kd+hUBpRKPvO0/om
Score8/10-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Event Triggered Execution: Image File Execution Options Injection
-
Manipulates Digital Signatures
Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Indicator Removal: Clear Persistence
remove IFEO.
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Browser Extensions
1Event Triggered Execution
3Change Default File Association
1Component Object Model Hijacking
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Event Triggered Execution
3Change Default File Association
1Component Object Model Hijacking
1Image File Execution Options Injection
1Defense Evasion
Indicator Removal
1Clear Persistence
1Modify Registry
5Subvert Trust Controls
1SIP and Trust Provider Hijacking
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1