General
-
Target
TCEQ picture 2.jpeg
-
Size
3.2MB
-
Sample
241120-snz2zayaqd
-
MD5
69d332022af7daa353872b3a1d3ebe50
-
SHA1
71504e962385b8b1f935f31f80ab789f08a7ca8b
-
SHA256
2c283b173dd775b31f113932bb012c229ec69be509991fc79fc6fbcf2b884a60
-
SHA512
396f6e028fae68e5969246b3246924245ee17307e06aa8009f7b95c4fe45a78ed494d6e5bbc7ab9294db44f6bf702751f792d2f308e45a07a349b71338e7ecd6
-
SSDEEP
49152:ZoLHI+nlaeG50xUpp8b6yelLQXRDGm5vD7RdtmUYNd8FHtyteps8:iIeG57Gb6yeZQXRDdvPFmbN/epF
Static task
static1
Behavioral task
behavioral1
Sample
TCEQ picture 2.jpg
Resource
win11-20241007-en
Malware Config
Targets
-
Target
TCEQ picture 2.jpeg
-
Size
3.2MB
-
Hashes
MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above.
Score 7/10
Despite the .jpeg name, the behavioral task shows the sample executing a dropped EXE and writing persistence keys; identify the real format from the file header rather than the extension.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects. In practice the hijack is a CLSID InprocServer32 or LocalServer32 value pointing at attacker-controlled code; an entry under HKCU\Software\Classes takes precedence over the HKLM one and needs no administrative rights.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
Rewrites the shell\open\command handler of an executable file class (such as exefile), so the registered program runs every time a user launches an executable.
-
Adds Run key to start application
Writes a value under HKCU or HKLM\Software\Microsoft\Windows\CurrentVersion\Run so the application starts at the next logon.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-
Checks system information in the registry
System information (hardware descriptions, BIOS strings, disk identifiers) is often read in order to detect sandboxing environments.
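The registry-based signatures above can be reproduced from a sandbox's registry trace. The following is an added example written for this page, not the sandbox's own signature engine: the events are constructed (paths, file names and the CLSID are made up), and the key patterns are assumed from the well-known locations each technique uses, so they are deliberately narrow rather than an exhaustive rule set. It maps each operation to the signature label used in this report and to the ATT&CK id that appears in the matrix below, and separately pulls out persistence entries that point into user-writable directories.

```python
"""Map registry operations from a sandbox trace to the behaviours this report lists.

Added example, not the sandbox's own signature engine. Events are constructed for
illustration (paths, file names and the CLSID are made up); key patterns are
assumed from the well-known locations each technique uses and are not exhaustive.
"""
import re

# (signature label from the report, ATT&CK technique id or None,
#  operations that count, key-path pattern)
RULES = [
    ("Adds Run key to start application", "T1547.001", {"SetValue"},
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(?:Run|RunOnce)$", re.I)),
    # HKCR is HKCU\Software\Classes merged over HKLM\Software\Classes, so a CLSID
    # server written under HKCU shadows the system one without admin rights.
    ("Event Triggered Execution: Component Object Model Hijacking", "T1546.015", {"SetValue"},
     re.compile(r"^(?:HKCU\\Software\\Classes|HKLM\\Software\\Classes|HKCR)\\CLSID\\"
                r"\{[0-9A-Fa-f-]{36}\}\\(?:InprocServer32|LocalServer32)$", re.I)),
    ("Modifies system executable filetype association", "T1546.001", {"SetValue"},
     re.compile(r"\\(?:exefile|batfile|cmdfile)\\shell\\open\\command$", re.I)),
    ("Checks installed software on the system", None, {"OpenKey", "EnumKey"},
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(?:\\|$)", re.I)),
    # BIOS strings and disk enumeration are classic VM/sandbox tells (assumed list).
    ("Checks system information in the registry", None, {"OpenKey", "QueryValue"},
     re.compile(r"^HKLM\\(?:HARDWARE\\DESCRIPTION\\System"
                r"|SYSTEM\\CurrentControlSet\\Services\\Disk\\Enum)(?:\\|$)", re.I)),
]

# Directories an unprivileged user can write to; persistence pointing here is
# the first thing to escalate.
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\(?:AppData|Downloads)\\|\\ProgramData\\|\\Temp\\", re.I)

# Constructed trace: (operation, key path, value name, data). Hypothetical paths.
SAMPLE_EVENTS = [
    ("SetValue", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "Updater",
     r"C:\Users\user\AppData\Roaming\updater.exe"),
    ("SetValue", r"HKCU\Software\Classes\CLSID\{00000000-1111-2222-3333-444444444444}\InprocServer32", "",
     r"C:\Users\user\AppData\Local\helper.dll"),
    ("SetValue", r"HKCU\Software\Classes\exefile\shell\open\command", "",
     r'"C:\Users\user\AppData\Roaming\updater.exe" "%1" %*'),
    ("OpenKey", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall", "", ""),
    ("QueryValue", r"HKLM\HARDWARE\DESCRIPTION\System", "SystemBiosVersion", ""),
    # Benign noise that must not match anything.
    ("SetValue", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced", "Hidden", "1"),
]


def classify(events):
    """Return one hit dict per (event, rule) match, in trace order."""
    hits = []
    for op, path, name, data in events:
        for label, tid, ops, pattern in RULES:
            if op in ops and pattern.search(path):
                hits.append({"signature": label, "attack_id": tid, "op": op,
                             "path": path, "value": name, "data": data})
    return hits


def techniques(hits):
    """Sorted, de-duplicated ATT&CK ids: the shape of the matrix at the end of the report."""
    return sorted({h["attack_id"] for h in hits if h["attack_id"]})


def persistence_to_user_path(hits):
    """Persistence hits whose target lives in a user-writable directory."""
    return [h for h in hits
            if h["attack_id"] in {"T1547.001", "T1546.015", "T1546.001"}
            and USER_WRITABLE.search(h["data"] or "")]


if __name__ == "__main__":
    found = classify(SAMPLE_EVENTS)
    for h in found:
        print(f"{h['attack_id'] or '-':<10} {h['op']:<10} {h['signature']}: {h['path']}")
    print("techniques:", techniques(found))
    print("user-writable persistence:", len(persistence_to_user_path(found)))
```

Run it directly to see the five hits; the benign Explorer write is ignored. A COM server written under HKLM with a System32 path still classifies as T1546.015 but is not returned by persistence_to_user_path, which is the split a triage analyst wants between "needs a closer look" and "escalate now".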
MITRE ATT&CK Enterprise v15
The number after each entry is the count of signatures mapped to it.
Persistence
Boot or Logon Autostart Execution (T1547): 1
Registry Run Keys / Startup Folder (T1547.001): 1
Event Triggered Execution (T1546): 2
Change Default File Association (T1546.001): 1
Component Object Model Hijacking (T1546.015): 1
Privilege Escalation
Boot or Logon Autostart Execution (T1547): 1
Registry Run Keys / Startup Folder (T1547.001): 1
Event Triggered Execution (T1546): 2
Change Default File Association (T1546.001): 1
Component Object Model Hijacking (T1546.015): 1