Overview

overview

8

Static

static

1

LDPlayer9_...ld.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    LDPlayer9_ar_1101_ld.exe

  • Size

    2.1MB

  • Sample

    250327-rlpmsavpy7

  • MD5

    2b259cd02570e0d7103c70fe9a9e4d17

  • SHA1

    035fe918c59274c1fc662e7d88d0d92d1150fa19

  • SHA256

    500cd8d0e8d7eb3cf7da63dd93978bf36a07fdc6b5a844de30cf84ccb38eedc4

  • SHA512

    2547a8b631ca07270668741612a8a0d3935008a98ab538f6a14fb1cf3e8d2d82ae7bbe9fe22a495b32ee16b038aaa268b2750ed42705fbf6d080249279cdcb27

  • SSDEEP

    24576:Ezvv2Jddh0hXxwQNBH5ffUX5zAEefc5Urz5Eo7zrrdXbETyLAyNBN/8LcpmZQ4J/:22e1iify35cdrrFJAWb/8amDe8hSSw0r

Score
8/10
discoveryexecutionexploitpersistenceprivilege_escalation

Malware Config

Targets

    • Target

      LDPlayer9_ar_1101_ld.exe

    • Size

      2.1MB

    • MD5

      2b259cd02570e0d7103c70fe9a9e4d17

    • SHA1

      035fe918c59274c1fc662e7d88d0d92d1150fa19

    • SHA256

      500cd8d0e8d7eb3cf7da63dd93978bf36a07fdc6b5a844de30cf84ccb38eedc4

    • SHA512

      2547a8b631ca07270668741612a8a0d3935008a98ab538f6a14fb1cf3e8d2d82ae7bbe9fe22a495b32ee16b038aaa268b2750ed42705fbf6d080249279cdcb27

    • SSDEEP

      24576:Ezvv2Jddh0hXxwQNBH5ffUX5zAEefc5Urz5Eo7zrrdXbETyLAyNBN/8LcpmZQ4J/:22e1iify35cdrrFJAWb/8amDe8hSSw0r

    Score
    8/10
    discoveryexecutionexploitpersistenceprivilege_escalation

    • Creates new service(s)

      persistenceexecution

    • Manipulates Digital Signatures

      Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

    • Possible privilege escalation attempt

      exploit

    • Modifies file permissions

      discovery

    • Downloads MZ/PE file

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation
    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

1
T1569

Service Execution

1
T1569.002

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Component Object Model Hijacking

1
T1546.015

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Component Object Model Hijacking

1
T1546.015

Defense Evasion

File and Directory Permissions Modification

1
T1222

Modify Registry

1
T1112

Subvert Trust Controls

1
T1553

SIP and Trust Provider Hijacking

1
T1553.003

Credential Access

Discovery

Browser Information Discovery

1
T1217

Peripheral Device Discovery

1
T1120

Query Registry

4
T1012

System Information Discovery

5
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.