General

  • Target

    Screenshot 2024-11-22 220626.png

  • Size

    462KB

  • Sample

    241122-rreprsslgt

  • MD5

    bed6dd625e3a7e838bcea5f3dce698b0

  • SHA1

    1254f3fdf4d78815c449d166b1c8f356f220d7c6

  • SHA256

    586431b613beb35df78653909e4cf25db717f1dc4b4d928e0e71f4453f9b4671

  • SHA512

    29c460e57c7e47fdf7f886bb1bc72b23079c1627619c6caaad3be003f76c937e9145e29f2ea109cab08802704a9ee01f6591ac65989a06a8bfab6d14809d70d6

  • SSDEEP

    12288:TknyRH3dbRMqql/tHX9Usc3HOLR5JTr7MrRW4E2rOKQ:TknudbQFX9c3HONXTPMcn2rOKQ

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Downloads MZ/PE file

    • Event Triggered Execution: Image File Execution Options Injection

    • Manipulates Digital Signatures

      Attackers can apply techniques such as changing the Authenticode and Cryptography registry keys so that their binary is treated as validly signed.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Indicator Removal: Clear Persistence

      Removes IFEO (Image File Execution Options) entries.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks