General

  • Target

    7Ne9AJ

  • Size

    7KB

  • Sample

    241230-rbb9pszjaz

  • MD5

    aa5d13590623abb5d3963a8af5dfb85d

  • SHA1

    8dcb62e75f970ac4f9f78e2558f335951b599774

  • SHA256

    4c6183029dcf2e4d604c473c2dfb4f72037b6a8f13d9183b0842fd201e422d7a

  • SHA512

    94899bfebc29d4d76c1a8d0e9b787ae50386a5e8718194791d27d86eb7e67e1b0e1a9b0a4e68031905c767419bd767b9d2666ac5ffd0a8dd87c0bf842ac7282b

  • SSDEEP

    96:CMq9SlLh2B3Zq36uWl/PtxyjttJQ8Maoah3vL5LaNclmnU1Eh2sS:T1lLhwJrPahtJxMaoah3vG12sS

Malware Config

Targets

    • Target

      7Ne9AJ

    • Size

      7KB

    • MD5

      aa5d13590623abb5d3963a8af5dfb85d

    • SHA1

      8dcb62e75f970ac4f9f78e2558f335951b599774

    • SHA256

      4c6183029dcf2e4d604c473c2dfb4f72037b6a8f13d9183b0842fd201e422d7a

    • SHA512

      94899bfebc29d4d76c1a8d0e9b787ae50386a5e8718194791d27d86eb7e67e1b0e1a9b0a4e68031905c767419bd767b9d2666ac5ffd0a8dd87c0bf842ac7282b

    • SSDEEP

      96:CMq9SlLh2B3Zq36uWl/PtxyjttJQ8Maoah3vL5LaNclmnU1Eh2sS:T1lLhwJrPahtJxMaoah3vG12sS

    • Downloads MZ/PE file

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks