General

  • Target

    temp spoofer cracked.rar

  • Size

    3.5MB

  • Sample

    241217-qlayys1mbk

  • MD5

    c4f73389dc539fbd9816570ba5af3f5d

  • SHA1

    6bee30f5ff59efba55f84e91984b7110c34022f1

  • SHA256

    5c714783a02053e809f6f90547a3a6ec3c6dc44e1bea06c91f2991ba0e8dbb74

  • SHA512

    7eba018fef56f4f9d5a26a95e083a689f35fa264d6ab759c6c469c2ab398d547a7d55a7fdbc1ecfcbf6bbb433feb8a0c687f9e411576ab8ef2b7201f96298d3f

  • SSDEEP

    49152:7XW1FwjZPHdvdXDcxXruUfiRgmSAZsU7R/pX6PhbacoVzEa+uuqe/yJuoSKbQ+VV:7WTw1V90vfiaK7twasLguoVb7wd71FLI

Targets

    • Target

      temp spoofer cracked.rar


    • Downloads MZ/PE file

      Retrieves a Windows executable (MZ/PE header) from the network during execution.

    • Event Triggered Execution: Component Object Model Hijacking (ATT&CK T1546.015)

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects. Per-user CLSID registrations under HKCU\Software\Classes\CLSID are consulted before the HKLM ones (elevated processes ignore them), so a CLSID registered there redirects every process that instantiates that object to the attacker's DLL.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application (ATT&CK T1547.001)

      Writes an autostart value under ...\Software\Microsoft\Windows\CurrentVersion\Run so the program is relaunched at logon.

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Detected potential entity reuse from brand MICROSOFT

      Strings or file metadata reuse Microsoft branding; treat the file as a possible impersonation of a Microsoft component rather than as a signed Microsoft binary.

    • Drops file in System32 directory
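
The two persistence signatures above (COM hijacking and a Run key autostart) can be checked for on an affected host from a registry export. The following audit script is an added example, not code from the sandbox report or from the sample; it parses `reg export` style text and flags HKCU InprocServer32 entries that shadow an HKLM CLSID or point into user-writable directories, plus Run/RunOnce values whose command lives in such a directory. The CLSID, the file names and the paths in SAMPLE_EXPORT are constructed, and the USER_WRITABLE directory list is an assumption to tune for the environment.

```python
"""Persistence audit over a .reg export (added example, not part of the
sandbox report). Flags the two persistence artifacts the report lists:
  * COM hijacking: HKCU\\Software\\Classes\\CLSID\\{...}\\InprocServer32
    entries that shadow an HKLM registration or point into user-writable
    directories;
  * Run-key autostarts whose command lives in a user-writable directory.
All CLSIDs, paths and file names below are constructed sample data."""
import re
from dataclasses import dataclass

# Directories a standard user can write to (assumed list, tune per environment).
# A COM server or autostart living here deserves a look; System32 / Program
# Files entries less so.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")

CLSID_INPROC = re.compile(
    r"^HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\(\{[0-9A-Fa-f-]+\})\\InprocServer32$", re.I)
RUN_KEY = re.compile(
    r"^HKEY_(?:CURRENT_USER|LOCAL_MACHINE)\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?$", re.I)


@dataclass
class Finding:
    kind: str   # "com_hijack" or "run_key"
    key: str    # registry key the artifact was found under
    value: str  # value name ("(default)" for the InprocServer32 path)
    path: str   # DLL path or autostart command line


def parse_reg_export(text: str) -> dict[str, dict[str, str]]:
    """Parse the subset of .reg syntax produced by `reg export`:
    [key] headers followed by "name"="data" lines (@ is the default value).
    Returns {key: {value_name: data}} with REG_SZ backslashes unescaped."""
    keys: dict[str, dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and "=" in line:
            name, _, data = line.partition("=")
            name = "(default)" if name == "@" else name.strip('"')
            if data.startswith('"') and data.endswith('"'):
                data = data[1:-1].replace("\\\\", "\\")
            keys[current][name] = data
    return keys


def is_user_writable(path: str) -> bool:
    return any(marker in path.lower() for marker in USER_WRITABLE)


def find_com_hijacks(keys: dict[str, dict[str, str]]) -> list[Finding]:
    """Per-user CLSID registrations are consulted before HKLM ones (except by
    elevated processes), so an HKCU InprocServer32 entry for a CLSID that HKLM
    also defines redirects every loader of that object to the user's DLL."""
    hklm_inproc = {k.lower() for k in keys
                   if k.lower().startswith("hkey_local_machine\\software\\classes\\clsid\\")}
    findings = []
    for key, values in keys.items():
        m = CLSID_INPROC.match(key)
        if not m:
            continue
        dll = values.get("(default)", "")
        twin = "hkey_local_machine\\software\\classes\\clsid\\" + m.group(1).lower() + "\\inprocserver32"
        if twin in hklm_inproc or is_user_writable(dll):
            findings.append(Finding("com_hijack", key, "(default)", dll))
    return findings


def find_run_keys(keys: dict[str, dict[str, str]]) -> list[Finding]:
    """Run / RunOnce values whose command line points into a user-writable directory."""
    return [Finding("run_key", key, name, cmd)
            for key, values in keys.items() if RUN_KEY.match(key)
            for name, cmd in values.items() if is_user_writable(cmd)]


def audit(reg_text: str) -> list[Finding]:
    keys = parse_reg_export(reg_text)
    return find_com_hijacks(keys) + find_run_keys(keys)


# Constructed export: one HKLM CLSID shadowed by an HKCU entry in AppData,
# a Temp-resident Run value, and a benign Program Files autostart.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Windows\\System32\\example.dll"
"ThreadingModel"="Apartment"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Users\\victim\\AppData\\Roaming\\svc\\hook.dll"
"ThreadingModel"="Apartment"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Users\\victim\\AppData\\Local\\Temp\\updater.exe"
"OneDrive"="C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe /background"
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_EXPORT):
        print(f"{f.kind:<11} {f.key}\n  {f.value} -> {f.path}")
```

On a live host, feed it the output of `reg export HKCU\Software\Classes\CLSID hkcu_clsid.reg`, `reg export HKLM\Software\Classes\CLSID hklm_clsid.reg` and the two Run keys, concatenated; `reg export` writes UTF-16 with a BOM, so open the files with `encoding="utf-16"` before passing the text to `audit`. A hit is a lead, not a verdict: legitimate per-user software also registers COM servers under AppData, so confirm with the DLL's signature and the hashes listed above.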

MITRE ATT&CK Enterprise v15 is the framework version used for the technique mapping above.
