General

  • Target: sample

  • Size: 27KB

  • Sample: 241113-dqtweawbpl

  • MD5: 31b79f055198819b28237d3ccb063185

  • SHA1: e55083d1c9fe496a0e3d493f8d44457b4b275203

  • SHA256: 84ff3268a06a83186a1abeb937ab22e06ef7314282af37bdb3601eab5d8f08d9

  • SHA512: 1e74a5516525d52a07daad715a58f6df6267e10d7d124774b503e203ca4b5de41e3cac91f5b6d17ac1f4f82f91d5490aa08ccceb400da6d95d9f6504a1ea1a17

  • SSDEEP: 384:MEuV+uKaLE0wUZTrVGZdqZUaAydkWK8SYwExUuwhZUjtDdt6d8BYF68GYvxko:KVa0FjGZdapNKzZWdtMs8Pvxko

Malware Config

Targets

    • Target: sample

    • Downloads MZ/PE file

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks