General
-
Target
m3u8.m3u8
-
Size
1KB
-
Sample
241119-xda3bavmbr
-
MD5
f624f547a68982a19fddd6778e666e40
-
SHA1
eb0f01788d7594bebe5815611e38aecb69c73f1b
-
SHA256
9c626bbbe02462381065dd69c1bdee12d3a7e7bb0e310b2b8e01531debbfdf0c
-
SHA512
f1141e887219f83948d40da0223cbc6c7b6ad2626562adae4841cfae10637bae0c1d8b3ae900f6b52ede0d0de6e3f89a0445cb21c0cf5d60f5a0ca86c4a9d5cf
Malware Config
Targets
-
-
Target
m3u8.m3u8
-
Size
1KB
-
MD5
f624f547a68982a19fddd6778e666e40
-
SHA1
eb0f01788d7594bebe5815611e38aecb69c73f1b
-
SHA256
9c626bbbe02462381065dd69c1bdee12d3a7e7bb0e310b2b8e01531debbfdf0c
-
SHA512
f1141e887219f83948d40da0223cbc6c7b6ad2626562adae4841cfae10637bae0c1d8b3ae900f6b52ede0d0de6e3f89a0445cb21c0cf5d60f5a0ca86c4a9d5cf
Score8/10-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Downloads MZ/PE file
-
Event Triggered Execution: Image File Execution Options Injection
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Active Setup
1Browser Extensions
1Event Triggered Execution
2Component Object Model Hijacking
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
1Active Setup
1Event Triggered Execution
2Component Object Model Hijacking
1Image File Execution Options Injection
1Defense Evasion
Modify Registry
4Subvert Trust Controls
1SIP and Trust Provider Hijacking
1