General

  • Target

    Insta乗っ取り.exe

  • Size

    12.8MB

  • Sample

    241126-nz6lnszlfz

  • MD5

    4c3ace9241d17ae64a93f313fb4392eb

  • SHA1

    6f19e4994302965abfb6442c822072737c74f20e

  • SHA256

    7f63a4a5b89d5e303a2af0ceafba3708543d058ece827856e3c0c147aa06c941

  • SHA512

    f913ab2726661193a54e2b2750c96427d0cb4624aa415e2642fdb3fee5685d2c4053521e1ec47c08bd4aaf61290e46e5a918b30de65f95cad988f7797e8128a5

  • SSDEEP

    196608:K4MYg6ZcRQPJcDpkPGnIeA842sIWk/PSF+FqzmFRE+jeqUf9XDLlh5e67Ueno7FU:K4VoRQP+DpkPW9q8qkRE+CquDJCbrJU

Malware Config

Targets

    • Modifies WinLogon for persistence

    • UAC bypass

    • Blocks application from running via registry modification

      Adds application to list of disallowed applications.

    • Disables Task Manager via registry modification

    • Possible privilege escalation attempt

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • File and Directory Permissions Modification: Windows File and Directory Permissions Modification

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks