General
- Target: Screenshot 2024-11-22 220626.png
- Size: 462KB
- Sample: 241122-rreprsslgt
- MD5: bed6dd625e3a7e838bcea5f3dce698b0
- SHA1: 1254f3fdf4d78815c449d166b1c8f356f220d7c6
- SHA256: 586431b613beb35df78653909e4cf25db717f1dc4b4d928e0e71f4453f9b4671
- SHA512: 29c460e57c7e47fdf7f886bb1bc72b23079c1627619c6caaad3be003f76c937e9145e29f2ea109cab08802704a9ee01f6591ac65989a06a8bfab6d14809d70d6
- SSDEEP: 12288:TknyRH3dbRMqql/tHX9Usc3HOLR5JTr7MrRW4E2rOKQ:TknudbQFX9c3HONXTPMcn2rOKQ

Static task: static1
Behavioral task: behavioral1
- Sample: Screenshot 2024-11-22 220626.png
- Resource: win10ltsc2021-20241023-en
Behavioral task: behavioral2
- Sample: Screenshot 2024-11-22 220626.png
- Resource: win11-20241007-en
Malware Config

Targets
- Target: Screenshot 2024-11-22 220626.png
  Size: 462KB
  MD5: bed6dd625e3a7e838bcea5f3dce698b0
  SHA1: 1254f3fdf4d78815c449d166b1c8f356f220d7c6
  SHA256: 586431b613beb35df78653909e4cf25db717f1dc4b4d928e0e71f4453f9b4671
  SHA512: 29c460e57c7e47fdf7f886bb1bc72b23079c1627619c6caaad3be003f76c937e9145e29f2ea109cab08802704a9ee01f6591ac65989a06a8bfab6d14809d70d6
  SSDEEP: 12288:TknyRH3dbRMqql/tHX9Usc3HOLR5JTr7MrRW4E2rOKQ:TknudbQFX9c3HONXTPMcn2rOKQ
- Modifies visibility of file extensions in Explorer
- Modifies visibility of hidden/system files in Explorer
- Grants admin privileges
  Uses net.exe to modify the user's group membership and privileges.
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
- Manipulates Digital Signatures
  Attackers can alter the Authenticode and Cryptography registry keys (the SIP and trust-provider registrations) so that their binary is reported as validly signed.
- Checks computer location settings
  Looks up the country code configured in the registry, likely as a geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of fixed drives other than the default C: drive.
- Drops file in System32 directory
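The signatures above each map to a specific registry location or host artifact (Explorer view values, IFEO Debugger entries, SIP and trust-provider registrations, per-user COM servers, the local Administrators group, the Geo\Nation value read for the geofence check, and files written to System32). The following PowerShell triage script is an added example for this page, not part of the sandbox report or of the sample; it walks those locations on a live Windows host and lists what it finds. The registry paths are the documented ones; the "suspicious" heuristics (a SIP DLL outside %SystemRoot%, an HKCU CLSID that is also registered in HKLM, a 24-hour window for System32 writes) are the author's assumptions and not thresholds taken from the report.

```powershell
# Host triage for the persistence and evasion artifacts named in the signatures above.
# Added example for this page, not the sandbox's or the sample's code.
# Run in an elevated Windows PowerShell 5.1 session on the host under review.

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding([string]$Category, [string]$Detail, [string]$Note) {
    $findings.Add([pscustomobject]@{ Category = $Category; Detail = $Detail; Note = $Note })
}

# 1. Explorer view settings (Hide Artifacts: Hidden Files and Directories).
#    Fresh-install defaults are HideFileExt=1, Hidden=2, ShowSuperHidden=0, so the values
#    alone prove nothing; the signature fires because a non-Explorer process wrote them.
$adv = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' -ErrorAction SilentlyContinue
foreach ($name in 'HideFileExt', 'Hidden', 'ShowSuperHidden') {
    Add-Finding 'ExplorerView' "$name=$($adv.$name)" 'compare with the user''s known preference'
}

# 2. Image File Execution Options: a Debugger value makes Windows launch that command
#    whenever the named executable starts. (SilentProcessExit\MonitorProcess is the
#    other IFEO trigger worth reviewing by hand.)
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
Get-ChildItem $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = (Get-ItemProperty $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg) { Add-Finding 'IFEO' "$($_.PSChildName) -> $dbg" 'any Debugger value outside a known dev tool is suspect' }
}

# 3. SIP and trust-provider registrations (Subvert Trust Controls). Legitimate entries
#    name Microsoft DLLs such as WINTRUST.DLL; a hijack points them at a DLL that always
#    answers "signature valid". Heuristic (assumption): flag a full path outside %SystemRoot%.
$sipRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData',
    'HKLM:\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData'
)
foreach ($root in $sipRoots) {
    Get-ChildItem $root -ErrorAction SilentlyContinue | ForEach-Object {
        $p = Get-ItemProperty $_.PSPath
        $flag = if ($p.Dll -match '[\\/]' -and $p.Dll -notlike "$env:SystemRoot\*") { 'DLL outside %SystemRoot%' } else { '' }
        Add-Finding 'SIP' "$($_.PSChildName): $($p.Dll)!$($p.FuncName)" $flag
    }
}
Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Cryptography\Providers\Trust\FinalPolicy' -ErrorAction SilentlyContinue | ForEach-Object {
    $p = Get-ItemProperty $_.PSPath
    Add-Finding 'TrustProvider' "$($_.PSChildName): $($p.'$DLL')!$($p.'$Function')" 'expect WINTRUST.DLL and a Softpub* function'
}

# 4. Per-user COM registrations take precedence over machine-wide ones, so an HKCU CLSID
#    whose InProcServer32 points somewhere unusual, and which also exists under HKLM,
#    is the classic COM hijack shape.
Get-ChildItem 'HKCU:\Software\Classes\CLSID' -ErrorAction SilentlyContinue | ForEach-Object {
    $server = (Get-ItemProperty "$($_.PSPath)\InProcServer32" -ErrorAction SilentlyContinue).'(default)'
    if ($server) {
        $shadowed = Test-Path "HKLM:\SOFTWARE\Classes\CLSID\$($_.PSChildName)"
        Add-Finding 'COM' "$($_.PSChildName) -> $server" $(if ($shadowed) { 'overrides an HKLM registration' } else { '' })
    }
}

# 5. Local Administrators membership (Account Manipulation via net.exe).
try   { $admins = (Get-LocalGroupMember -Group Administrators).Name }
catch { $admins = (net localgroup administrators) | Select-Object -Skip 6 | Where-Object { $_ -and $_ -notmatch '^The command' } }
foreach ($a in $admins) { Add-Finding 'Admins' $a 'confirm each member is expected' }

# 6. Geo\Nation is the value read for the geofence check; record it for context.
$nation = (Get-ItemProperty 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue).Nation
Add-Finding 'Geo' "Nation=$nation" 'GeoID the sample looks up'

# 7. Files written to System32 in the last 24 hours (Drops file in System32 directory).
Get-ChildItem "$env:SystemRoot\System32" -File -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt (Get-Date).AddDays(-1) } |
    ForEach-Object { Add-Finding 'System32Drop' $_.FullName "written $($_.LastWriteTime)" }

$findings | Format-Table -AutoSize
```

Pipe `$findings` to `Export-Csv` instead of `Format-Table` to keep the output as evidence. Entries in the SIP and TrustProvider categories should normally all resolve to Microsoft DLLs; anything else deserves a signature check on the named DLL before it is trusted, since a hijacked SIP will itself report that DLL as valid.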
-
MITRE ATT&CK Enterprise v15
(numbers are the count of triggered signatures mapped to each technique)

Persistence (TA0003)
- Account Manipulation (T1098): 1
- Browser Extensions (T1176): 1
- Event Triggered Execution (T1546): 2
  - Component Object Model Hijacking (T1546.015): 1
  - Image File Execution Options Injection (T1546.012): 1

Privilege Escalation (TA0004)
- Account Manipulation (T1098): 1
- Event Triggered Execution (T1546): 2
  - Component Object Model Hijacking (T1546.015): 1
  - Image File Execution Options Injection (T1546.012): 1

Defense Evasion (TA0005)
- Hide Artifacts (T1564): 2
  - Hidden Files and Directories (T1564.001): 2
- Indicator Removal (T1070): 1
  - Clear Persistence (T1070.009): 1
- Modify Registry (T1112): 4
- Subvert Trust Controls (T1553): 2
  - SIP and Trust Provider Hijacking (T1553.003): 2