General

  • Target

    IronArn18.exe

  • Size

    7.0MB

  • Sample

    250503-lx6sjsgm8s

  • MD5

    3a59079e322814862dfdc206741b37b6

  • SHA1

    46c9ee20cc7c6c33d82f42f07d0bde2730441b44

  • SHA256

    8f4065f20d2561f40bb6f55cbab02308e5b5e372a9cb597d2bd4f836a9b2bf1b

  • SHA512

    188b4570787fb1d68d5583e164ae5848983f64061bb034b58e40b4a5993828acd24e18a29d1eb0d9781551595e3847d5f87d249d8299120113e6481c64233f76

  • SSDEEP

    98304:noWUGQ0nuaZMKdIyWuZhCMYkcIt5FkOwSrIcUsLXRL2wbLp8FPg6XwKKmF:nLFuoMKduurH/P/XRL4P2KKmF

Malware Config

Targets

    • Clears Windows event logs

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell and hides the display window.

    • Creates new service(s)

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks