Resubmissions

14-11-2024 13:17

241114-qjqavsyqay 8

14-11-2024 13:14

241114-qgz3aatkfk 8

14-11-2024 13:11

241114-qe4mpazcla 8

13-11-2024 17:17

241113-vtzphawdld 8

General

  • Target

    VirtualBox-7.0.14-161095-Win.exe

  • Size

    106.0MB

  • Sample

    241114-qe4mpazcla

  • MD5

    cdf2059571281b67a232c4933d7632e2

  • SHA1

    5a7496a1adfb5dd3ce6b02ef51dffa0a5c0ea2c7

  • SHA256

    4719b38e7a276b43099ce4d6349e6bfc80edf644ee59d9dafd264bc7ed7691f4

  • SHA512

    bca6b7770162cf02dce019230097d107ff876c0ca6a32fd78e7a361f6a5a183698ad4d0bc026c59dff5eb43ac209434ca2e0adc3e9f6b4f9dab20fd3542c2d28

  • SSDEEP

    3145728:/GjAJr3F4hLioOZmlnZJK1pTMOZ68wsoI:/xr3uLiogmlZnwkI

Malware Config

Targets

    • Drops file in Drivers directory

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

MITRE ATT&CK Enterprise v15

Tasks