Overview

overview

8

Static

static

3

Updater.zip

windows10-ltsc 2021-x64

8

Updater.exe

windows10-ltsc 2021-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Updater.zip

  • Size

    45.4MB

  • Sample

    250103-seve5azlh1

  • MD5

    7fb39ba9614ca0d7f9ee9def6ace7308

  • SHA1

    1add8a27d1142e133f247313a77b61fa54c6329c

  • SHA256

    ed139a8ece54d4c51f93219745b4d576987b2516a5d142e10d5575123129e4b3

  • SHA512

    07dcde2326bc9d2bec3e21d3dd61d96f554b634d1e2b786dea989293d4cdead0ededd80d460d3f3bf131f610d84e1d1f9b8b849a02f501d1027913f0fdec3f98

  • SSDEEP

    786432:7LbqBEAfA4m7Jmxxky85CT6m/rMyflOqbNz2JWgAPmiW0143p0s99ox76b9Ec+SE:3mbhm9mx2586m/rM6OAyWjsWs99CgKCW

Score
8/10
microsoftdefense_evasiondiscoverypersistencephishingprivilege_escalation

Malware Config

Targets

    • Target

      Updater.zip

    • Size

      45.4MB

    • MD5

      7fb39ba9614ca0d7f9ee9def6ace7308

    • SHA1

      1add8a27d1142e133f247313a77b61fa54c6329c

    • SHA256

      ed139a8ece54d4c51f93219745b4d576987b2516a5d142e10d5575123129e4b3

    • SHA512

      07dcde2326bc9d2bec3e21d3dd61d96f554b634d1e2b786dea989293d4cdead0ededd80d460d3f3bf131f610d84e1d1f9b8b849a02f501d1027913f0fdec3f98

    • SSDEEP

      786432:7LbqBEAfA4m7Jmxxky85CT6m/rMyflOqbNz2JWgAPmiW0143p0s99ox76b9Ec+SE:3mbhm9mx2586m/rM6OAyWjsWs99CgKCW

    Score
    8/10
    microsoftdefense_evasiondiscoverypersistencephishingprivilege_escalation

    • Downloads MZ/PE file

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Detected potential entity reuse from brand MICROSOFT.

      phishingmicrosoft

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

    • Target

      Updater.exe

    • Size

      49.1MB

    • MD5

      f0b6329b9fb24e78303edf1b63235179

    • SHA1

      d38813c27e5ce75378f86a2612b6c8c450c31ce3

    • SHA256

      9c99152179e5da930aa6a38b737797083374452c67d09e612e193ea6ae60ac36

    • SHA512

      222dc14217320cf899191d0d47a1706208e68553ad34b3d511b26762aef209eb89879c070e8376558d7300081574e9c5b149d50231adef2021aafc9d19b568eb

    • SSDEEP

      1572864:iWTsb692piMo7VAe4yCwDcGS7T/ZqOBv+:iWgb647qcZqc9n91

    Score
    1/10
    behavioral2

MITRE ATT&CK Enterprise v15

Tasks