General
Target
sample
Size
66KB
Sample
241127-r66rssxqds
MD5
299749c218496aa161f5b1e1d0f93fb3
SHA1
d21ba6054afe3d7400ca5433d16252bb90ec3550
SHA256
db5b2e71ad37abc08d2caf2b5d6f41fa27f5157d389e5355900447050cd14d23
SHA512
944d86d2cde2e9eef376bd1723dfefed49bb96f5c2c046c8823dcc0056ce743e5e4691979b471ad4ce9b7bc0c5862ae7f57946877232412c3b78a3ee58fe9d02
SSDEEP
1536:E69UFLCCwNieoupehNFZuSuWtWWxQRo1HrcSN2kEWjAqSpRI6ZsnVJr+YvaS0l61:j9UFLhwj1Ro1HrcSN2kEWjAqSpRI6Zs/
Static task
static1
Behavioral task
behavioral1
Sample
sample.js
Resource
win10ltsc2021-20241023-en
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Downloads MZ/PE file
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
- Possible privilege escalation attempt
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- File and Directory Permissions Modification: Windows File and Directory Permissions Modification
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15 (number in parentheses is the count shown next to each technique)
Persistence
- Boot or Logon Autostart Execution (2)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (1)
- Event Triggered Execution (2)
  - Accessibility Features (1)
  - AppInit DLLs (1)
Privilege Escalation
- Access Token Manipulation (1)
  - Create Process with Token (1)
- Boot or Logon Autostart Execution (2)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (1)
- Event Triggered Execution (2)
  - Accessibility Features (1)
  - AppInit DLLs (1)
Defense Evasion
- Access Token Manipulation (1)
  - Create Process with Token (1)
- File and Directory Permissions Modification (2)
  - Windows File and Directory Permissions Modification (1)
- Modify Registry (3)
Discovery
- Browser Information Discovery (1)
- Network Share Discovery (1)
- Peripheral Device Discovery (1)
- Query Registry (4)
- System Information Discovery (2)
- System Location Discovery (1)
  - System Language Discovery (1)
- System Network Configuration Discovery (1)
  - Internet Connection Discovery (1)