General
Target: AtomrineInstaller.exe
Size: 167KB
Sample: 241116-s5c9jasqbn
MD5: 9ae783d31295627e8fffe5e6b28d8035
SHA1: 475a295bca435dde7360c054b7d79c327f34bbce
SHA256: 91784c7f6f28cc339f1e4624757b33630edf6fa74809b983e6e877d502a8dd1a
SHA512: cffeaa6afb11fa6c853f1c43e7e939395b23bdbb70cf5a5384405dac4af22aba73778c887ef68ba346e527c3a6261acd2387662dd9a69a2035e74435b5994bbe
SSDEEP: 3072:cahKyd2n317N5vWp1icKAArDZz4N9GhbkENEkNgk:cahO4p0yN90vEE
Static task: static1
Behavioral task: behavioral1
Sample: AtomrineInstaller.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: AtomrineInstaller.exe (167KB; hashes as listed under General above)
- Downloads MZ/PE file
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
- Enumerates processes with tasklist
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Defense Evasion
  Hide Artifacts (1)
    Hidden Files and Directories (1)
  Modify Registry (1)
  Obfuscated Files or Information (1)
    Command Obfuscation (1)
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (1)
    Credentials In Files (1)