General
Target: Install-CookieRun_ Kingdom-GooglePlayGames-Beta.exe
Size: 25.3MB
Sample: 250418-cdb96aywgz
MD5: b25bc5ff336fd04cb088213c4edf6584
SHA1: a7c1aa8395ef64c4cf917e7728ed65e81f47fdb3
SHA256: 1288f308ec81e644153a7849f6bf96bcfe5f5e295325522cea91e99f447f57a9
SHA512: 2284639e298c5d814a0b0c466fd9028c0be948367ea85e897a551fa142f6ff91c0cb16b9da6bde50838286701757afc65edacfbfa7d1c9985e479d58f702f17a
SSDEEP: 786432:yVqvn+uWhGe32cX5oUjNcWje5cIFCjil39:yV0+Rx32cX5TjNcWje5TFCOl39
Static task: static1
Behavioral task: behavioral1
Sample: Install-CookieRun_ Kingdom-GooglePlayGames-Beta.exe
Resource: win11-20250410-en
Malware Config
Targets
Target: Install-CookieRun_ Kingdom-GooglePlayGames-Beta.exe
- Creates new service(s)
- Modifies Windows Firewall
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
MITRE ATT&CK Enterprise v16
Persistence
- Create or Modify System Process (2)
- Windows Service (2)
- Event Triggered Execution (1)
- Component Object Model Hijacking (1)
Privilege Escalation
- Create or Modify System Process (2)
- Windows Service (2)
- Event Triggered Execution (1)
- Component Object Model Hijacking (1)
Credential Access
- Credentials from Password Stores (1)
- Credentials from Web Browsers (1)
- Unsecured Credentials (1)
- Credentials In Files (1)