bruteratel | c112b2f07061632926d7d8f68614de49148fb529a668dc11909edde99bbc543d

Sharing

Copy URL

Twitter E-mail

General

Target

Apache_OpenOffice_4.1.15_Win_x86_install_it.exe
Size

131.3MB
Sample

250219-r4p19ssrdl
MD5

fdcd72b4bcc8fd149f8b76289eb555cf
SHA1

47df4f80cfd62c52ec97692d226e937200bc89dc
SHA256

c112b2f07061632926d7d8f68614de49148fb529a668dc11909edde99bbc543d
SHA512

170147215603ae28b2cb16638400b277f72e5000966df1eeb75b24c63d26ead37b11361db8b5ea1cd4a93105d6ca9600e177f3c0ce77bc30de0c1a72de3fa38a
SSDEEP

3145728:xnSKtUTS2zdBQQA6tAPmbV8P+PjXHM+6HgDsSvFn7EebnhVU3FmqW:BePd+QA6LDPzsbE373fU3sz

Score

10^/10

Malware Config

Targets

- Target
  
  Apache_OpenOffice_4.1.15_Win_x86_install_it.exe
- Size
  
  131.3MB
- MD5
  
  fdcd72b4bcc8fd149f8b76289eb555cf
- SHA1
  
  47df4f80cfd62c52ec97692d226e937200bc89dc
- SHA256
  
  c112b2f07061632926d7d8f68614de49148fb529a668dc11909edde99bbc543d
- SHA512
  
  170147215603ae28b2cb16638400b277f72e5000966df1eeb75b24c63d26ead37b11361db8b5ea1cd4a93105d6ca9600e177f3c0ce77bc30de0c1a72de3fa38a
- SSDEEP
  
  3145728:xnSKtUTS2zdBQQA6tAPmbV8P+PjXHM+6HgDsSvFn7EebnhVU3FmqW:BePd+QA6LDPzsbE373fU3sz
Score

6^/10

discovery persistence privilege_escalation
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  15KB
- MD5
  
  d095b082b7c5ba4665d40d9c5042af6d
- SHA1
  
  2220277304af105ca6c56219f56f04e894b28d27
- SHA256
  
  b2091205e225fc07daf1101218c64ce62a4690cacac9c3d0644d12e93e4c213c
- SHA512
  
  61fb5cf84028437d8a63d0fda53d9fe0f521d8fe04e96853a5b7a22050c4c4fb5528ff0cdbb3ae6bc74a5033563fc417fc7537e4778227c9fd6633ae844c47d9
- SSDEEP
  
  192:EyGQtZkTktEQUrJaZfuyCnSmUsv3sY7L7cW8Y6Q86QvoTr11929WtshLAzgSrX8:EyNt+4t7uJalUnGesY7Lt8nCr/Yosa
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  mbcs.py
- Size
  
  1KB
- MD5
  
  037692440a6148a06d5be8de5cd26197
- SHA1
  
  1d70e4bd36be1c153b5ef3c21e060f4da12211c8
- SHA256
  
  f6ed445ed537c9f856d8defe8b56505727737d0dc9348d0a877abedab4bdd864
- SHA512
  
  07950d19132d12b65f641c61e473b0316ecb3307a617057626ae25e9c77804331ad7286b29a20438e1a63bd201e19e4f7bb4eb3f9b6b507e9c77b2534685e12f
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  mcnttype.dll
- Size
  
  38KB
- MD5
  
  505d8718212aa7c5fc0950effb9aa042
- SHA1
  
  0176b8f75c7d132ec0a6fdb832ff44f722cfad97
- SHA256
  
  6f89d3887e90b239d4854ca0c36e5cbad110a906b2075222a3be8c727a9a49f7
- SHA512
  
  7dfba953923e342db053bf113b61de39de6227d73f9d6fdbed2b675ac58cf86afab100e751e7996e9959c9001f873d06db0c3d6830d43a03037b42ac9adc814a
- SSDEEP
  
  768:ciLmSCeNMbE2OYuSH0yXOoWV2P3vYDrXOj1UZq6:7NMbE2cSH0y82P3AfXOuZq6
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  md5.py
- Size
  
  358B
- MD5
  
  2fef56daa9d26cd7dab15ef778fcd380
- SHA1
  
  f45dd00a512f774eee2eb75037c86a09850ed9c1
- SHA256
  
  2a262ea4fbec14c295e701931b2514715c0fe2f5f7c42ba41fb8efbca4008353
- SHA512
  
  d285bece7dc2c99a620cc3869bd9e6878f4d63a235c50401beae7afbc9c9efce09ec67f90236213af35c9105a19fe06efb02fdd6600dd22833ba344a6d441717
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  memusage.bsh
- Size
  
  4KB
- MD5
  
  0f82f19dcb9569cd97b1d3806b79b123
- SHA1
  
  e1a69c3d5cdf5692335b2f3ab45e0759c6b08dec
- SHA256
  
  56e6781ae6d7734f187eebe8cd01fd5d9da8ff30c7efd3d1bbc5cba07de341e2
- SHA512
  
  76e7ade09dcd07dc7cb0fd419ab990998719f8d13f08635a91de7e13aa297d64902e92ecb6d20c73e7737d4b3990d613d38f80a1a7ce7c6ac59cfa71a6edbd8c
- SSDEEP
  
  96:bQ0N7zdHfiu4kEXlr+vYZMUbiWjzgzT3wzmzpESEAB4aAk9+Bphi9W4kj6KBujUS:d7zdH4kE1SvYZbiWXiTCUpESEAB4Hk9d
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  message.py
- Size
  
  30KB
- MD5
  
  711fd3f3da69ff2431caaa9e03891dde
- SHA1
  
  e38d15be32c3e573f9d20f8028417204bed0cb6e
- SHA256
  
  7a1b7af3b53092772b6a0a7ea815e55606d23495204ad2aefaefcdc1f379a909
- SHA512
  
  fb7e12ada70b649290f9fc5ddbadca36f42abd2b2d10d74b0f887f4059483daa12fe9f752050b7c08486468b9e92da0550d174e107f4b7404e8e980a73aa1abb
- SSDEEP
  
  768:/sHGlbQDR7ZZQY4l5RgDqEYZBeWZoiSL8TQcWqnnD19Ov:/sH0GhZSl5RgDBcEWZoiSQTQcWqnnJ9I
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  message1.py
- Size
  
  1KB
- MD5
  
  ca566887c66c27525204012ed37fa0a3
- SHA1
  
  7f324bc692121ab20d9123e7caeee6e53cc10236
- SHA256
  
  a73dd0f297a5d7005bf426c6b5203bd4a83e8d5f1c98164013708a870d5c58a5
- SHA512
  
  518e8180baf9b1f86435b5aef2424d9e660b625766d887ff9dfee1a9fc82a1c94c0ca1411e8d2b12f783edc64711a278604fc94c5fdae29d1692d2cc5039d3c2
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  mhlib.py
- Size
  
  32KB
- MD5
  
  40ceb42b8e6b2fa75af5167cb096afc0
- SHA1
  
  064ab1c4a77672aa66ebf2d91af0b55936c27805
- SHA256
  
  98f0fa0847f3b8fa270925d1a556099a83b8d4ec53f09738c9475f169cf30ecb
- SHA512
  
  c0e67d365886dc6fe57cc77eacda58572e85407bd5d3793144e9d2c15e343cbc22e03774706231475ca71b01dc4e8e602736057430f2f128f1ff41144f380009
- SSDEEP
  
  384:XFlhbkz8+UH8velIkHlq7cjeh89o02iBDw/Jwfw:e68vQIkHRjC8qkDWJ5
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  migrationoo2.uno.dll
- Size
  
  80KB
- MD5
  
  e32fe082fb040432db71cb0388cdb012
- SHA1
  
  d8cad776116e9e18c9cf2ed9713fabb55e9b1ab1
- SHA256
  
  4485b75530db1bd370f5285bc193e7c32ba32e7148f6a15483598b3d1efb5137
- SHA512
  
  bfb3541e98236520e60826acbb31510c631af8362158243a10accb2923e2c5c23d918913a1bd208fcbb090386c23f7d0b87a05d812ffb061e0da07d10f28c95b
- SSDEEP
  
  1536:6We4ChL4jwzxZCQsBIAq5Vo/gMZhhHZ43Eqj5rd02OKJB97:6WOMwVZCQsBIAqU/gM5ZejFdVOKJB9
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  millennium.ots
- Size
  
  7KB
- MD5
  
  5f2f031b90538d42057eaeae73373972
- SHA1
  
  a7ef118b9c0e9f2e2e40bfeaa34b1098f601dc64
- SHA256
  
  fa1e62e1ec092a465abc6fbd4f52e30f972391c8c664c3f93c478f8d0ce3a919
- SHA512
  
  5c941dd4ccf707617466d1781945549c702cae477b6aec7af3ed1037c21b51f950d600581013825695fad9232f8c417517de3403a73ab4b0a9eeff287357861b
- SSDEEP
  
  192:fw0Ai36lyL0g550q8Z+TOYTxb2sjjwEPAWPu86xTn1z:fw0Ai3B0gv0q8Z+TRFhHw66
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  mimetools.py
- Size
  
  7KB
- MD5
  
  62c568715fa87b12f17da3b541994c6f
- SHA1
  
  087926284ece4f1ee2681610bc079753c00c1c40
- SHA256
  
  027729db4104529492717f6168b39765fd8eeb99b3ea95be838ebbedfe102d19
- SHA512
  
  456bd65e025f5ec6c308b30db2a4fc35036f1420fb9106d397096b914a0db31c349c3c3182b2e48de7db6d0c45031dd9d28157a922f0d258f0de05b0b7142981
- SSDEEP
  
  96:PCiHvUHeadjmhbO6ngvdmp6pAv/5Ql/+kBxDlxBx4nRziEync1:Pt8++mBgmp6pAvxQd+6xxxknRziEt
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  mimetypes.py
- Size
  
  20KB
- MD5
  
  8df5c61835fbd7ef34f127d907dcc394
- SHA1
  
  076a9648c14e67cb39d3ccc6f639634eaa36f3a1
- SHA256
  
  1431254c3fae705d702a49e6a84d4e9dce1195b98114cd5b08f0c0c33f5533cd
- SHA512
  
  b126214d6f2b152d2a179839dec3e2e5e3fc5987ae883d680cd829cf8cfa34005295c8dade0100871f21b149d24249b87697ee8ade012f8afb7475c7b7e88db1
- SSDEEP
  
  192:LkInbU/XoHxX5E83G9yjfR/SfRzSOfR1fRpn3H8/TGwQlyMC731SCgkb6c/SfACB:LkkU/IK829ydMzjTu191NgkamrE
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  minicompat.py
- Size
  
  3KB
- MD5
  
  193df16842b0602c053a081ad27afd2b
- SHA1
  
  515888107e18aae9b8449a60d58de2116c46f28e
- SHA256
  
  e3c0e9f2a2cecbd7a6f1cfed48d0bae2db90f6bb3f9a15867ed707bea1224330
- SHA512
  
  53ab53990bf2a3d7e61f5b5037d932ff09ddd8b9ada3f3e25dc4fe40db8cc3ea3ee1879b7a79ff5d3dd1f34f5d76e83f99f56307f5447ac43fbbc91b4ff2ef6e
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  minidom.py
- Size
  
  64KB
- MD5
  
  09b289085741253da1fcff221d0d38c1
- SHA1
  
  79a5910d9e7711ccb82681f1440c058ed6665a6d
- SHA256
  
  2091e8e2450e35f82b8bd2de80073b0154adb7b05f0db188ef2364588ad964eb
- SHA512
  
  b6745e3a3407d9f2aa824e0f03aff400acd7f251bcb8ce74cdf2f043c13cf29b68799d160435d4188dfd298ecc2af706417caa126c575c3096c2ce271a9530d1
- SSDEEP
  
  1536:jhkhrGetm1/pjbUf8ZQxkck7DIaVlai9a7riY3pNzVfFk7DcxWx8O:ef8hai9a7h3pVG
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  misc.py
- Size
  
  1KB
- MD5
  
  1417c4463e9c868dcdfb52ae22efe9ba
- SHA1
  
  659110e6ac173c0a2395e2a93713eab3d5d52ccb
- SHA256
  
  4674afb148f43d72e7b58372800a29486eaab2e73c5929a88ac8550c112cec93
- SHA512
  
  02303bfb4964d95475ae16788bc1e090b022166895e0828b0edb02bf33e0ff66514e88cebad79bba35e1b93bf60cadfc68244960ebbfc0d6a4b003246ae98da9
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Drops desktop.ini file(s)

Enumerates connected drives

Event Triggered Execution: Component Object Model Hijacking

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32