General
Target: 89ece196bbcb1473db8fd3374a488e5417fd829e280d365e603ba07688fa780d
Size: 1.6MB
Sample: 250211-a5f2batmdt
MD5: 132b6c9f1fd1f1217866447fdd4fbe01
SHA1: fa79a5b7146d4f881bfe4b15c52edda4856ec90b
SHA256: 89ece196bbcb1473db8fd3374a488e5417fd829e280d365e603ba07688fa780d
SHA512: 0a9baa8c4b0be7afba519b1af3f10cb29d15beaa257f37ed3482a7f35493e708adc04ad5f6554439eec1940009bb90806a1d41b442ae4776919bc42e8cc4c1f7
SSDEEP: 24576:VeOCnoITBKtKUFIb99eESRh0ME23JMKOuTlqLoA6D6IVPx7JDSVXT5XOt4eSyah:Vmy0V2ZMKOY31PxKXT5Xug1h
Behavioral task: behavioral1
Sample: 89ece196bbcb1473db8fd3374a488e5417fd829e280d365e603ba07688fa780d.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: 89ece196bbcb1473db8fd3374a488e5417fd829e280d365e603ba07688fa780d.exe
Resource: win10v2004-20250207-en
Malware Config
Targets
Target: 89ece196bbcb1473db8fd3374a488e5417fd829e280d365e603ba07688fa780d
Size: 1.6MB
MD5: 132b6c9f1fd1f1217866447fdd4fbe01
SHA1: fa79a5b7146d4f881bfe4b15c52edda4856ec90b
SHA256: 89ece196bbcb1473db8fd3374a488e5417fd829e280d365e603ba07688fa780d
SHA512: 0a9baa8c4b0be7afba519b1af3f10cb29d15beaa257f37ed3482a7f35493e708adc04ad5f6554439eec1940009bb90806a1d41b442ae4776919bc42e8cc4c1f7
SSDEEP: 24576:VeOCnoITBKtKUFIb99eESRh0ME23JMKOuTlqLoA6D6IVPx7JDSVXT5XOt4eSyah:Vmy0V2ZMKOY31PxKXT5Xug1h

Signatures
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

Downloads MZ/PE file

Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

Executes dropped EXE

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Persistence
  Boot or Logon Autostart Execution (1)
    Active Setup (1)
    Browser Extensions (1)
  Event Triggered Execution (1)
    Component Object Model Hijacking (1)

Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Active Setup (1)
  Event Triggered Execution (1)
    Component Object Model Hijacking (1)