General

  • Target

    Insta.exe

  • Size

    12.8MB

  • Sample

    241126-p491bsykam

  • MD5

    82257be1736aee6d3ef49de226f11671

  • SHA1

    84c4dc5aca17f73938a52301838efc3a2708f029

  • SHA256

    b3f6008da82dde6bb604020a51b04580e7de9a4024ffbaceb9d2720164ff58f8

  • SHA512

    a0cc1eaf7c557c004178f16ecf0f1a89d4a35f0102ca409850236159a21c152a89ede9d5ff65c8b395326aa1c14e8934311a8f67aec099aed5836fbedc4743f7

  • SSDEEP

    393216:0Yzlg4gehlYs4S1sow440korYO+BJCW2:1l3MoJvrYOkg

Malware Config

Targets

    • Target

      Insta.exe

    • Size

      12.8MB

    • MD5

      82257be1736aee6d3ef49de226f11671

    • SHA1

      84c4dc5aca17f73938a52301838efc3a2708f029

    • SHA256

      b3f6008da82dde6bb604020a51b04580e7de9a4024ffbaceb9d2720164ff58f8

    • SHA512

      a0cc1eaf7c557c004178f16ecf0f1a89d4a35f0102ca409850236159a21c152a89ede9d5ff65c8b395326aa1c14e8934311a8f67aec099aed5836fbedc4743f7

    • SSDEEP

      393216:0Yzlg4gehlYs4S1sow440korYO+BJCW2:1l3MoJvrYOkg

    • Modifies WinLogon for persistence

    • UAC bypass

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Possible privilege escalation attempt

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • File and Directory Permissions Modification: Windows File and Directory Permissions Modification

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks