9371a656feffb9e8e4fe70ce3fa01352af3035b5afaddbe4332442fc1dbb8ff0

Sharing

Copy URL

Twitter E-mail

General

Target

rocketlegacy.zip
Size

9.9MB
Sample

241202-xagqpawqgt
MD5

6606e132f968e8716170f5488d179bf5
SHA1

600bf30ab4493304e30a15a0cd38cc34291b380f
SHA256

9371a656feffb9e8e4fe70ce3fa01352af3035b5afaddbe4332442fc1dbb8ff0
SHA512

d0294c4b5d0848df0ca7ec16a2cb8f126395ff165ef56ea7f2baaeb397f5874add7977356cd7a9de270f316a2c2a1bdc2d1a48f64d1b08b6f7f53f5a4027da7e
SSDEEP

196608:z60MEYvVQEpDLOfnfjB8ySXQu+ZNcwi5CKM6iDf6PoG9QZ7j:5OLpPOf7QAu4cMKM6iT6Pz98j

Score

5^/10

Malware Config

Targets

- Target
  
  My Program/RockerLegacy.exe
- Size
  
  3.8MB
- MD5
  
  46c17c999744470b689331f41eab7df1
- SHA1
  
  b8a63127df6a87d333061c622220d6d70ed80f7c
- SHA256
  
  c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a
- SHA512
  
  4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6
- SSDEEP
  
  98304:6NRBOBfKgQIm9EOTqw8vjh9Ac9nUNupK4hVvcF+yHrAr:sR/gmeOqv7Ac9F0kB
Score

5^/10

discovery persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral1 behavioral2
- Target
  
  My Program/RockerLegacy/7zxa.dll
- Size
  
  221KB
- MD5
  
  04d3e794624a82228a7e683fdf22e182
- SHA1
  
  114b74e926913bb0a588e671025f9eb38e8b854b
- SHA256
  
  db3d0484228ed14ad8d3763f4880d36024fb27b189c91720ff147b92d46bcb5a
- SHA512
  
  b5767971f9075b5e483f9e77dcb50637eb81d70da86d655a230da6ad3dc5337d2a08038261f32e3867fde68fd33bf23a75b50e0381762becb46e859404e78d82
- SSDEEP
  
  3072:+ftOtcS7lCZc9Ltue1C+zV2zUmiRvgWDFSaRPQIDCuPK1gSBvAGfPFjaRv+PB7PT:etViwgLtun+soC1vx2Hr0/NG1E
Score

1^/10
behavioral3 behavioral4
- Target
  
  My Program/RockerLegacy/Default.SFX
- Size
  
  437KB
- MD5
  
  ab1c239d68d65d84ee139dd0c8ce8a52
- SHA1
  
  1a638556de77369151839bf7a570d972410360e3
- SHA256
  
  b83a105dda4806f7ac5e9f3b6546829b37d42d85911d1c4487b1e95bfea91e9d
- SHA512
  
  ea2306628f2079bdf5420c12af3d097c78fb3d3cd90ae2283c6f591e0751325f3af675bb257b812babb4d03f7493e2819b97fca969dc9b5031ec07bb8517ecfb
- SSDEEP
  
  12288:xyveQB/fTHIGaPkKEYzURNAwbAgB2X+t4:xuDXTIGaPhEYzUzA0/0
Score

1^/10
behavioral5 behavioral6
- Target
  
  My Program/RockerLegacy/Default32.SFX
- Size
  
  358KB
- MD5
  
  c5bcfd921f209366b9cfed632b174a3b
- SHA1
  
  332e2aeb7bc2d4491cbe4b994dbb8ff8e55fff9f
- SHA256
  
  476e3f779d2638238ea185df6019e4fcb54b3704ad12dbd051399fcf26e6e1bf
- SHA512
  
  72c0d13fa20a7648074601d5726f02c46ea7e62761f80366c2ebdce40d95568543e11d42907d789864d178d5da73992fc50400a50fc777b1bc02a02f9276fc55
- SSDEEP
  
  6144:pVJQ3KJxNVhbU3y83OI1SFc+gcYjhLPNVOIopJrX+t4rR8o:7Jf/DdUC83OIgFc+tYjhLFH8rX+t498o
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  My Program/RockerLegacy/Rar.exe
- Size
  
  744KB
- MD5
  
  16659ae52ce03889ad19db1f5710c6aa
- SHA1
  
  66b814fe3be64229e2cc19f0a4460e123ba74971
- SHA256
  
  0b1866b627d8078d296e7d39583c9f856117be79c1d226b8c9378fe075369118
- SHA512
  
  f9dd360c3a230131c08c4d5f838457f690ed4094ec166acd9f141b7603f649cfa71a47ea80e9ff41b8296246bdc1c72a75288f9a836c18431e06c2e8e3fc8398
- SSDEEP
  
  12288:F09QJ3MbqLyQx5ooXTAl080ejQsg6Udqmoy6jEIq+EpNUstSpx:G9C3MbqyeOojATzjaPiyQq+EpNlSpx
Score

3^/10
behavioral10 behavioral9
- Target
  
  My Program/RockerLegacy/RarExt.dll
- Size
  
  636KB
- MD5
  
  1e86c3bfcc0688bdbe629ed007b184b0
- SHA1
  
  793fada637d0d462e3511af3ffaec26c33248fac
- SHA256
  
  7b08daee81a32f72dbc10c5163b4d10eb48da8bb7920e9253be296774029f4ef
- SHA512
  
  4f8ae58bbf55acb13600217ed0eef09fa5f124682cedd2bfc489d83d921f609b66b0294d8450acb1a85d838adb0e8394dadf5282817dba576571e730704f43ac
- SSDEEP
  
  12288:CheO83S/X2oc1fZy4CArT0pLGbNUnaC7PeUnBd3X3uK:CheOIS/GzfZpopLGbNUL2UnBd3X39
Score

1^/10
behavioral11 behavioral12
- Target
  
  My Program/RockerLegacy/RarExt32.dll
- Size
  
  541KB
- MD5
  
  24f6faa5d2e9c8fb15ae0c936bfa4545
- SHA1
  
  17f85d25f0f0c15a164eb11a34f498268677dcb0
- SHA256
  
  bd3f01e7c100422a6faae60d76da16158f6d8b3868d474e81fd657ec3c0127ef
- SHA512
  
  cd3f4dd020cad0357be2cc18459e7051d65f05b5df60a8d980152179dff6cc8dedf9fef758224e9b6adc87de9033d18daa3e09aea8af2e2a1860efc753a01380
- SSDEEP
  
  12288:WM7zuNOwsIJur4LnQkAifUsogbesSEpwpDBd3X3uQDc:WSz/ug4LQdh2es8pDBd3X3hc
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  My Program/RockerLegacy/RarExtInstaller.exe
- Size
  
  181KB
- MD5
  
  f5b54d16610a819bbc6099bdc92add2c
- SHA1
  
  7c680a87233ff7e75866657e9c1acf97d69f6579
- SHA256
  
  46f533007fb231d0b0af058a0997ab5e6b44a1b02ae327621f04fdc4b2e18964
- SHA512
  
  a120a2ee6c926cd6f6b8d1be68ff471294552b049baa637a474d1210fe3ca83e66d0834217d1a5eea0491d080cea1795ee328fdd4cb54f6a132be2dc2e58e4a8
- SSDEEP
  
  3072:YCXGYJKNlePjzWBEFxwk6m9xy7n/covzScPdpKatjS:YCXpAmzWGSk6mYc4rLDG
Score

1^/10
behavioral15 behavioral16
- Target
  
  My Program/RockerLegacy/RarExtPackage.msix
- Size
  
  23KB
- MD5
  
  4ebeb72c7da644a296a0026c061db51d
- SHA1
  
  6f94ea0eae2664c8341265d62ff7d871da702a76
- SHA256
  
  de451e233072b0d34acecf04ddc38bcad61b56a1e0218041ca0a80ad752baccf
- SHA512
  
  b4937191d5a61ebc41497938da51f6c741d3da6a9213e236cd62f82b106d311db597c613bc924c18e3bdc654f3f8526f43cf13ede0f00380ac22382713570153
- SSDEEP
  
  384:DBR015ziBz4oqvhFv+qkDmm0fxPZp7SxEDHV6sZd3NsSkI8mvC4j9tEIkTXBHhjA:PYzMzHshFvbkD9oZ06MsZd3w/abEIABS
Score

1^/10
behavioral17 behavioral18
- Target
  
  My Program/RockerLegacy/UnRAR.exe
- Size
  
  494KB
- MD5
  
  98ccd44353f7bc5bad1bc6ba9ae0cd68
- SHA1
  
  76a4e5bf8d298800c886d29f85ee629e7726052d
- SHA256
  
  e51021f6cb20efbd2169f2a2da10ce1abca58b4f5f30fbf4bae931e4ecaac99b
- SHA512
  
  d6e8146a1055a59cba5e2aaf47f6cb184acdbe28e42ec3daebf1961a91cec5904554d9d433ebf943dd3639c239ef11560fa49f00e1cff02e11cd8d3506c4125f
- SSDEEP
  
  6144:yY8mmN3YWYGAj9JwXScp39ioIKzKVEKfr01//bbh3S62Wt3A3ksFqXqjh6AusDyn:yY8XiWYGAkXh3Qqia/zAot3A6AhezSpK
Score

3^/10
behavioral19 behavioral20
- Target
  
  My Program/RockerLegacy/Uninstall.exe
- Size
  
  477KB
- MD5
  
  4783f1a5f0bba7a6a40cb74bc8c41217
- SHA1
  
  a22b9dc8074296841a5a78ea41f0e2270f7b7ad7
- SHA256
  
  f376aaa0d4444d0727db5598e8377f9f1606400adbbb4772d39d1e4937d5f28c
- SHA512
  
  463dff17f06eca41ae76e3c0b2efc4ef36529aa2eaed5163eec0a912fe7802c9fb38c37acfe94b82972861aaf1acf02823a5948fbb3292bb4743641acb99841e
- SSDEEP
  
  12288:9Z5zraThq5dDnHEJt1kXm+wBhvBJ/+5IISY1A9h:9Z5n2hsdDnkGXm9Bhvn/+r1+h
Score

5^/10
- Deletes itself
behavioral21 behavioral22
- Target
  
  My Program/RockerLegacy/WinCon.SFX
- Size
  
  374KB
- MD5
  
  11217b1a96e83ff6b0df1dfc0cd804e7
- SHA1
  
  fb824d799554180d7a1c42827c942eb31bedfd60
- SHA256
  
  f73f4751dc2b4493cb99e644e6a94f55b4b956b40f0709e205ddafb512cd1296
- SHA512
  
  82528862bd375e724dfd6976c3411af95472ab8355c381064d103de14376263bc497b73b2a9b343e05467cdc05c5f4a4ecc0a413ee39d40d59d999f963d51e19
- SSDEEP
  
  6144:KSyrfN+mx1KqjlxAGcQn6vGF3tUImBV15dp6zOmBjC/TGq39YyperSp:KSy731KkuQwtVXdpGjA39YPrSp
Score

1^/10
behavioral23 behavioral24
- Target
  
  My Program/RockerLegacy/WinCon32.SFX
- Size
  
  308KB
- MD5
  
  e5f0c2c4f60bd298855dfe0019c63043
- SHA1
  
  c741358d77584d9bf055c35bb7d0ac8e44231291
- SHA256
  
  a339a384b1b69d58bbaad230c2648944b08030f823e1ef2c41e870053188f878
- SHA512
  
  311805305f1c9d1d0f9b605e29799ac100e7889b36678e1b87009e71d79271c170dfcc36e589f2e79d74228e4706d8c2c6065f18bc3efff255fa7627fefa8ff7
- SSDEEP
  
  6144:Jc+iPZ8eA2KjsnHocFconGhZeD774evVSp4:5ZsKjsHpFconKeD77XSp4
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  My Program/RockerLegacy/WinRAR.chm
- Size
  
  316KB
- MD5
  
  6ca1bc8bfe8b929f448e1742dacb8e7f
- SHA1
  
  eca3e637db230fa179dcd6c6499bd7d616f211e8
- SHA256
  
  997184b6f08d36dedc2cd12ee8dc5afb5e6e4bf77f7ab10f7ade9eefdb163344
- SHA512
  
  d823f2c960a4d92129b9bda0f4f9195d32e64b929082b5efb9149546b5053021255d1dd03cb443f0a03106314554f76b94173e280a553a81e4ac2ac282877973
- SSDEEP
  
  6144:0HQbQuhUP/yv4J15/8Z0lIiFiDoQRkx79WftE+qby/919rRj+g8HR:JQuayv4V8ZMokx79WfGxI9LrPcR
Score

1^/10
behavioral27 behavioral28
- Target
  
  My Program/RockerLegacy/WinRAR.exe
- Size
  
  3.1MB
- MD5
  
  53cf9bacc49c034e9e947d75ffab9224
- SHA1
  
  7db940c68d5d351e4948f26425cd9aee09b49b3f
- SHA256
  
  3b214fd9774c6d96332e50a501c5e467671b8b504070bbb17e497083b7e282c3
- SHA512
  
  44c9154b1fdbcf27ab7faee6be5b563a18b2baead3e68b3ea788c6c76cf582f52f3f87bd447a4f6e25ec7d4690761332211659d754fb4e0630c22a372e470bda
- SSDEEP
  
  49152:olh7WxDi+U/pcCz7PZTZlzdOZlUkJLF1Uac+3+fESa6HYlGBzNwui0hBdH3XK:oMgZeD+hBBquTBpnK
Score

5^/10

persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral29 behavioral30
- Target
  
  My Program/RockerLegacy/Zip.SFX
- Size
  
  378KB
- MD5
  
  cd7bb857de39a930085360674b5d78e9
- SHA1
  
  77aa6120d04b05c387feaa9e3563b1e4d0cd4662
- SHA256
  
  8afbe21a3f3bccac6345aab8d99c2e8f6e01cbd96d9f0ffe58f6cb881e4638fe
- SHA512
  
  0b64fe30c4704af1ed404b287c081ad1eacbadde153a1d9b14849868bcb950f7a41d7a36e5b03ad3ccc9c0f8e2690be5d74d87aa606004854e4fd2ee81805d7c
- SSDEEP
  
  6144:p5aMJNLwL73PZPkFr1jilzqqVWk6855JKSFtIooEbQ/WX+t4:pOxPkPjQeqQ1Y53KR/WX+t4
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Event Triggered Execution: Component Object Model Hijacking

Deletes itself

Event Triggered Execution: Component Object Model Hijacking

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32