General
Target: Download (18).mp4
Size: 5.8MB
Sample: 241117-svd33ssgnb
MD5: 50f39d8564e1b382e51a09b82848fa2f
SHA1: 26aa9aa1f6c164ada3988160f3b0ce3105bf29ef
SHA256: 345070b9388302c610b848e3f0a5ec07d86ae13b1a1059229b34f5fd6066d7b9
SHA512: 3590e6d19de0baebbd95bec95a28679374e157100590de0f3e351d504a11fb7604525f96487ddd4285aadf6e0bdfca29e040466d6ed9bbe98dc635b81611f7f3
SSDEEP: 98304:DjnRX6Jmj8S3jaUxLhzXLdWdSeimdoL/xc05zGvaDtWjla8PrNVrChHV7yVZ42:DbRrTjxLtXLoSf/JSvm4jla8PrCFcZz
Static task: static1
Behavioral task: behavioral1
Sample: Download (18).mp4
Resource: win10ltsc2021-20241023-en
Malware Config
Targets
Target: Download (18).mp4
- Downloads MZ/PE file: fetches a file carrying an MZ/PE header, i.e. a Windows executable.
- Event Triggered Execution: Image File Execution Options Injection: writes a Debugger value under an Image File Execution Options key so that another program is launched whenever the named executable starts.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Event Triggered Execution: Component Object Model Hijacking: adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects, typically by registering a malicious server for a CLSID in the per-user HKCU\Software\Classes hive, which is consulted before the machine-wide HKLM entry.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Checks system information in the registry: system information is often read in order to detect sandboxing environments.
- Suspicious use of NtCreateThreadExHideFromDebugger: creates a thread with the THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER flag, so an attached debugger receives no debug events for that thread (anti-debugging).
- Suspicious use of NtSetInformationThreadHideFromDebugger: calls NtSetInformationThread with the ThreadHideFromDebugger information class, which has the same effect on an already running thread (anti-debugging).
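Several of the signatures above reduce to "which process touched which registry key or drive root, and how". As an added example, not part of this report and not the sandbox's own detection code, the following Python script runs those checks over a Process Monitor CSV export. The log lines are constructed here to exercise each rule, the path patterns are my assumption of what such a signature looks for rather than the sandbox's real rules, and the MITRE technique IDs are my mapping (the report lists technique names only).

```python
import csv
import io
import re

# Constructed Process Monitor CSV export, written for this example (not taken
# from the sandbox run). Column order follows Procmon's "Save as CSV" output.
SAMPLE_PROCMON_CSV = """\
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","dropper.exe","4120","RegQueryValue","HKCU\\Control Panel\\International\\Geo\\Nation","SUCCESS","Type: REG_SZ, Length: 8, Data: 244"
"10:01:02.2","dropper.exe","4120","RegEnumKey","HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall","SUCCESS","Index: 0, Name: 7-Zip"
"10:01:02.3","dropper.exe","4120","RegSetValue","HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\sethc.exe\\Debugger","SUCCESS","Type: REG_SZ, Length: 46, Data: C:\\Users\\Public\\svc.exe"
"10:01:02.4","dropper.exe","4120","RegSetValue","HKCU\\Software\\Classes\\CLSID\\{00000000-0000-0000-0000-000000000001}\\InprocServer32\\(Default)","SUCCESS","Type: REG_SZ, Length: 40, Data: C:\\Users\\Public\\a.dll"
"10:01:02.5","dropper.exe","4120","CreateFile","D:\\","SUCCESS","Desired Access: Read Attributes"
"10:01:02.6","dropper.exe","4120","RegQueryValue","HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemManufacturer","SUCCESS","Type: REG_SZ, Length: 12, Data: QEMU"
"10:01:03.0","explorer.exe","1532","RegQueryValue","HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden","SUCCESS","Type: REG_DWORD, Length: 4, Data: 2"
"""

# (signature name as the report prints it, MITRE technique, Procmon operations
# that count, regex on the path). Patterns are assumptions for this example.
RULES = [
    ("Event Triggered Execution: Image File Execution Options Injection", "T1546.012",
     {"RegSetValue"},
     re.compile(r"\\Image File Execution Options\\[^\\]+\\Debugger$", re.I)),
    ("Event Triggered Execution: Component Object Model Hijacking", "T1546.015",
     {"RegSetValue"},
     re.compile(r"^HKCU\\Software\\Classes\\CLSID\\\{[0-9A-F-]+\}\\(InprocServer32|LocalServer32)\\", re.I)),
    ("Checks computer location settings", "T1614",
     {"RegQueryValue"},
     re.compile(r"^HKCU\\Control Panel\\International\\Geo\\Nation$", re.I)),
    ("Checks installed software on the system", "T1518",
     {"RegEnumKey", "RegQueryKey", "RegOpenKey"},
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)),
    ("Enumerates connected drives", None,
     {"CreateFile", "QueryDirectory"},
     re.compile(r"^[A-BD-Z]:\\$", re.I)),          # any drive root except C:\
    ("Checks system information in the registry", "T1082",
     {"RegQueryValue"},
     re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\", re.I)),
]


def parse_procmon(csv_text):
    """Return one dict per row of a Procmon CSV export."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def match_events(csv_text):
    """Return a hit for every (event, rule) pair whose operation and path match."""
    hits = []
    for row in parse_procmon(csv_text):
        for signature, technique, operations, path_re in RULES:
            if row["Operation"] in operations and path_re.search(row["Path"]):
                hits.append({
                    "process": row["Process Name"],
                    "pid": row["PID"],
                    "signature": signature,
                    "technique": technique,
                    "path": row["Path"],
                    "detail": row["Detail"],
                })
    return hits


def signature_counts(csv_text):
    """Collapse hits into the per-signature counts a sandbox report shows."""
    counts = {}
    for hit in match_events(csv_text):
        counts[hit["signature"]] = counts.get(hit["signature"], 0) + 1
    return counts


if __name__ == "__main__":
    for hit in match_events(SAMPLE_PROCMON_CSV):
        print(f'{hit["process"]}({hit["pid"]}) {hit["technique"] or "-":10} '
              f'{hit["signature"]}: {hit["path"]} [{hit["detail"]}]')
```

The rules key on the operation as well as the path: a read of the Geo\Nation value is the geofence check, while only a write of a Debugger or InprocServer32 value is persistence; reads of those keys by explorer.exe or an AV scanner are routine and are left alone. Export the Procmon trace with "Save as CSV" and pass its contents to match_events to run the same checks on a real capture.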
MITRE ATT&CK Enterprise v15
Persistence
  Event Triggered Execution (2)
    Component Object Model Hijacking (1)
    Image File Execution Options Injection (1)
Privilege Escalation
  Event Triggered Execution (2)
    Component Object Model Hijacking (1)
    Image File Execution Options Injection (1)
Defense Evasion
  Modify Registry (2)
  Subvert Trust Controls (1)
    Install Root Certificate (1)
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (1)
    Credentials In Files (1)