General
Target: FirefoxPortable_132.0.1_English.paf (1).exe
Size: 137.8MB
Sample: 241121-sj92dasrfz
MD5: a2d05debd02305670e5e743e27b3fe07
SHA1: 0ca31ac1120b69426f0df2d1c1c9bb03bad1e3e7
SHA256: ff5df30b5e046e13146cccc881dc36e99eaf46603d0a06ed6b3f8d8b19a7053b
SHA512: cded7ae284807b6dcea1db3608d76234f71ec3b737381a03d95600b32b0b2e658255d4c58382946db4f54ff61636546b5177a31f9976b5dfe854b57ed99043c3
SSDEEP: 3145728:bbrztgaM2s2mrPTPteK/pPjQDnm469AJMdjO/5UXCwhc4aAWsiA:njarUK/pP8Dnb69hd2mX1c9HO
Static task: static1
Behavioral task: behavioral1 (Sample: FirefoxPortable_132.0.1_English.paf (1).exe; Resource: win11-20241007-en)
Behavioral task: behavioral2 (Sample: $PLUGINSDIR/System.dll; Resource: win11-20241007-en)
Behavioral task: behavioral3 (Sample: $PLUGINSDIR/nsDialogs.dll; Resource: win11-20241007-en)
Malware Config
Targets
Target: FirefoxPortable_132.0.1_English.paf (1).exe
Size: 137.8MB (MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
- Adds Run key to start application
- Boot or Logon Autostart Execution: Active Setup. Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Downloads MZ/PE file
- Drops desktop.ini file(s)
- Enumerates connected drives. Attempts to read the root path of hard drives other than the default C: drive.
- Event Triggered Execution: Image File Execution Options Injection
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking. Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
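The signatures above are the sandbox's generic registry-persistence heuristics (Run keys, Active Setup, IFEO, COM registrations), and the $PLUGINSDIR entries further down are the standard NSIS installer plugins (System.dll and nsDialogs.dll ship with NSIS, which PortableApps .paf.exe installers are built with), so the report alone does not say whether any of these writes are unwanted. The script below is an added example, not part of the report and not code from Mozilla or PortableApps: it verifies a local copy of the installer against the report's SHA256 and lists what is currently registered in each of the four persistence locations the signatures name, so the same checks can be run before and after installing in a test VM. The installer path is an assumed placeholder; the hash and the registry locations are the report's and Windows' own.

```powershell
# Added example, not part of the sandbox report: re-check on a Windows host the
# persistence locations the report's signatures name and compare a local copy of
# the installer with the report's SHA256. Run in an elevated PowerShell session so
# the HKLM keys are fully readable.

$InstallerPath  = 'C:\Users\Public\Downloads\FirefoxPortable_132.0.1_English.paf (1).exe'  # assumed path
$ReportedSha256 = 'ff5df30b5e046e13146cccc881dc36e99eaf46603d0a06ed6b3f8d8b19a7053b'    # from the report

# Compare the local file with the hash the sandbox computed for its sample.
function Test-ReportedHash {
    param([string]$Path, [string]$ExpectedSha256)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLowerInvariant()
    [pscustomobject]@{ Path = $Path; Sha256 = $actual; MatchesReport = ($actual -eq $ExpectedSha256) }
}

# Signature "Adds Run key to start application": values under the Run/RunOnce keys.
function Get-RunKeyEntries {
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($k in $keys) {
        if (-not (Test-Path -LiteralPath $k)) { continue }
        $props = Get-ItemProperty -LiteralPath $k
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip the provider's own PSPath/PSDrive fields
            [pscustomobject]@{ Location = $k; Name = $p.Name; Command = $p.Value }
        }
    }
}

# Signature "Boot or Logon Autostart Execution: Active Setup": at logon Windows runs the
# StubPath of every HKLM component not yet recorded under HKCU, so each component
# carrying a StubPath is a once-per-user logon autostart.
function Get-ActiveSetupStubs {
    $root = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components'
    Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue | ForEach-Object {
        $p = Get-ItemProperty -LiteralPath $_.PSPath
        if ($p.StubPath) {
            [pscustomobject]@{ Component = $_.PSChildName; Version = $p.Version; StubPath = $p.StubPath }
        }
    }
}

# Signature "Image File Execution Options Injection": a Debugger value makes Windows
# launch the named program instead of the original image whenever it is started.
function Get-IfeoDebuggers {
    $root = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue | ForEach-Object {
        $p = Get-ItemProperty -LiteralPath $_.PSPath
        if ($p.Debugger) { [pscustomobject]@{ Image = $_.PSChildName; Debugger = $p.Debugger } }
    }
}

# Signature "Component Object Model Hijacking": HKCU\Software\Classes\CLSID is consulted
# before HKLM, so a per-user InprocServer32/LocalServer32 shadows the machine-wide object.
function Get-UserComServers {
    $root = 'HKCU:\Software\Classes\CLSID'
    Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue | ForEach-Object {
        foreach ($srv in 'InprocServer32', 'LocalServer32') {
            $sub = "$root\$($_.PSChildName)\$srv"
            if (Test-Path -LiteralPath $sub) {
                $server = (Get-ItemProperty -LiteralPath $sub).'(default)'
                [pscustomobject]@{ CLSID = $_.PSChildName; Server = $srv; Path = $server }
            }
        }
    }
}

Test-ReportedHash -Path $InstallerPath -ExpectedSha256 $ReportedSha256 | Format-List
Get-RunKeyEntries    | Format-Table -AutoSize
Get-ActiveSetupStubs | Format-Table -AutoSize
Get-IfeoDebuggers    | Format-Table -AutoSize
Get-UserComServers   | Format-Table -AutoSize
```

Save each function's output to a file before running the installer and diff it afterwards: an entry is only interesting if it appeared with the install, and then the question is whether its command, StubPath, Debugger or COM server path points into the portable Firefox directory or somewhere unexpected. A Run key, Active Setup stub or per-user CLSID on its own is routine on a Windows host, which is why the sandbox reports these as signatures rather than as a verdict.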
Target: $PLUGINSDIR/System.dll
Size: 12KB
MD5: 192639861e3dc2dc5c08bb8f8c7260d5
SHA1: 58d30e460609e22fa0098bc27d928b689ef9af78
SHA256: 23d618a0293c78ce00f7c6e6dd8b8923621da7dd1f63a070163ef4c0ec3033d6
SHA512: 6e573d8b2ef6ed719e271fd0b2fd9cd451f61fc9a9459330108d6d7a65a0f64016303318cad787aa1d5334ba670d8f1c7c13074e1be550b4a316963ecc465cdc
SSDEEP: 192:ljHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZqE0QPi:R/Qlt7wiij/lMRv/9V4bfr
Score: 3/10
Target: $PLUGINSDIR/nsDialogs.dll
Size: 9KB
MD5: b7d61f3f56abf7b7ff0d4e7da3ad783d
SHA1: 15ab5219c0e77fd9652bc62ff390b8e6846c8e3e
SHA256: 89a82c4849c21dfe765052681e1fad02d2d7b13c8b5075880c52423dca72a912
SHA512: 6467c0de680fadb8078bdaa0d560d2b228f5a22d4d8358a1c7d564c6ebceface5d377b870eaf8985fbee727001da569867554154d568e3b37f674096bbafafb8
SSDEEP: 96:ooEv02zUu56FcS817eTaXx85qHFcUcxSgB5PKtAtoniJninnt3DVEB3YMNqkzfFc:ooEvCu5e81785qHFcU0PuAw0uyyIFc
Score: 3/10
MITRE ATT&CK Enterprise v15 (number of matching signatures in parentheses)
Persistence
- Boot or Logon Autostart Execution (2)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (1)
- Browser Extensions (1)
- Event Triggered Execution (3)
  - Change Default File Association (1)
  - Component Object Model Hijacking (1)
  - Image File Execution Options Injection (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (1)
- Event Triggered Execution (3)
  - Change Default File Association (1)
  - Component Object Model Hijacking (1)
  - Image File Execution Options Injection (1)
Defense Evasion
- Modify Registry (7)
- Subvert Trust Controls (2)
  - Install Root Certificate (1)
  - SIP and Trust Provider Hijacking (1)
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)
Discovery
- Browser Information Discovery (1)
- Network Service Discovery (1)
- Network Share Discovery (1)
- Peripheral Device Discovery (2)
- Query Registry (7)
- System Information Discovery (7)
- System Location Discovery (1)
  - System Language Discovery (1)
- System Network Configuration Discovery (1)
  - Internet Connection Discovery (1)
- System Time Discovery (1)