General

  • Target

    Insta乗っ取り.exe

  • Size

    12.5MB

  • Sample

    241126-l8ylbatjak

  • MD5

    d4bdcc7d36db91a0d7da0090a9e496ea

  • SHA1

    3acfed1d1c2fe455730c4c9a28aa995f58ed0c3a

  • SHA256

    e2c9484eedd028bdd863963490363fd99d3de4ddff2fc1c9a0a84f4f03183752

  • SHA512

    dedd4833f339db297c45e981c5947324d9a0790aa4e635e421af599ea48a2ae9a8517c7898b81e54301fe2720e67281914e26b12d52a5d5ca5ecc1790d12b844

  • SSDEEP

    393216:ZquJcYgQtQTwkH2OXZia78V4IyrXwJD9lta:Z7cYfPVOXcA2VyrkZls

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Possible privilege escalation attempt

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • File and Directory Permissions Modification: Windows File and Directory Permissions Modification

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks