General
Target: LDPlayer9_es_1009_ld.exe
Size: 3.4MB
Sample: 240628-wxt4vs1erl
MD5: 0d183c971971fe69c6c62b4bbfede0c7
SHA1: 0ac34c620f6ab8ec1aa45312bfd54a794ebd7c28
SHA256: 5f1ee7eac585adb1a5279041b286b4adff6ff9d29d459ca0dd05bb0d2bfe26d2
SHA512: c1990a97e1d1d1c93256dad443f2bc98739ca18b6e26b77a4810a190b70021aa64b77e33b387e124bc83356a3bdefadd900823f59039a2e50773c991796282fb
SSDEEP: 49152:8LF2vxcUuniqfal7nA1pHtOUYqP3CFOrtG/JR9sXafgkDFMVR9C1UhPJXMK701hd:8LF2vFuniqfa21t0xOoGBiCV2HCyh
Static task: static1
Behavioral task: behavioral1
  Sample: LDPlayer9_es_1009_ld.exe
  Resource: win7-20240508-es
Behavioral task: behavioral2
  Sample: LDPlayer9_es_1009_ld.exe
  Resource: win10v2004-20240508-es
Malware Config
Targets
Target: LDPlayer9_es_1009_ld.exe (3.4MB)
- Creates new service(s)
- Manipulates Digital Signatures: attackers can apply techniques such as changing the Authenticode and Cryptography registry keys so that their binary is treated as validly signed.
- Possible privilege escalation attempt
- Modifies file permissions
- Checks for any installed AV software in registry
- Downloads MZ/PE file
- Legitimate hosting services abused for malware hosting/C2
- Event Triggered Execution: Component Object Model Hijacking: adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process: 1
- Windows Service: 1
- Event Triggered Execution: 1
- Component Object Model Hijacking: 1
Privilege Escalation
- Create or Modify System Process: 1
- Windows Service: 1
- Event Triggered Execution: 1
- Component Object Model Hijacking: 1
Defense Evasion
- Subvert Trust Controls: 2
- SIP and Trust Provider Hijacking: 1
- Install Root Certificate: 1
- File and Directory Permissions Modification: 1
- Modify Registry: 2