General
- Target: lp
- Size: 3KB
- Sample: 241113-31cgjs1gmg
- MD5: 1b898b551676aff0fecbc91f581cd479
- SHA1: 1d37c5832827794115628e4aec1a817da65fe43b
- SHA256: d36ac2ba4e842fce623ab23c468502ea9a35da444e3e93491d5f1d614f8e6b51
- SHA512: 94d2fc85fd4f27dc4caba234e2945c64816ce39a3ec733e777e22c3d3c0d1cc765b6d89e82c92771e0fc1013bbe828fa52d2e9877343f8549c9c3e23860ae245
Static task: static1

Malware Config
Targets
- Target: lp
Signatures
- Downloads MZ/PE file
- A potential corporate email address has been identified in the URL: =@L
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Defense Evasion
- Modify Registry: 1
- Subvert Trust Controls: 2
  - Install Root Certificate: 1
  - SIP and Trust Provider Hijacking: 1
Credential Access
- Credentials from Password Stores: 1
  - Credentials from Web Browsers: 1
- Unsecured Credentials: 1
  - Credentials In Files: 1