General
-
Target
download.png
-
Size
4KB
-
Sample
240701-ch39fawelp
-
MD5
a46bbc94f4baa819cb0544242ba3c23e
-
SHA1
10994eb0610cdcd338bdfc31c95df4c4135797f7
-
SHA256
ca7d8290061ee2f2c0d429d4e1fc6dd932056da95926cb40cf42d0f7838654ae
-
SHA512
2bee13fd1648bb8187ffb44cf1c16393ebef0a8d3d5794cbcbb4abd94edf6286ef20dc4e16423f1f77fb376b00c2ee6ac674190d99cc0a2fdd75f3b3f8e481a6
-
SSDEEP
96:nt5a2NIgCkt074QegAgevgWNYNvy8qTzASBmncYpGqzkqqWy9h:rNwY0VNAgeIlVy3fA2Yvphw9h
Malware Config
Targets
-
-
Target
download.png
-
Size
4KB
-
MD5
a46bbc94f4baa819cb0544242ba3c23e
-
SHA1
10994eb0610cdcd338bdfc31c95df4c4135797f7
-
SHA256
ca7d8290061ee2f2c0d429d4e1fc6dd932056da95926cb40cf42d0f7838654ae
-
SHA512
2bee13fd1648bb8187ffb44cf1c16393ebef0a8d3d5794cbcbb4abd94edf6286ef20dc4e16423f1f77fb376b00c2ee6ac674190d99cc0a2fdd75f3b3f8e481a6
-
SSDEEP
96:nt5a2NIgCkt074QegAgevgWNYNvy8qTzASBmncYpGqzkqqWy9h:rNwY0VNAgeIlVy3fA2Yvphw9h
Score8/10-
Event Triggered Execution: Image File Execution Options Injection
-
Manipulates Digital Signatures
Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Event Triggered Execution
2Image File Execution Options Injection
1Component Object Model Hijacking
1Browser Extensions
1Privilege Escalation
Event Triggered Execution
2Image File Execution Options Injection
1Component Object Model Hijacking
1Defense Evasion
Subvert Trust Controls
1SIP and Trust Provider Hijacking
1Modify Registry
2