General
-
Target
Roblox-Song-Sheet-text.txt
-
Size
259B
-
Sample
240701-cmqtxashnc
-
MD5
963aea559e0d8a538a582af14f3497f3
-
SHA1
90c26e4e18571ce45cb63bfe919859502b9d6730
-
SHA256
ddebb4fc3c9145bba2714f090e6c550e2133d3b9ec89be1a85922f86860b30b1
-
SHA512
626798f15e8e9e3dcf8c29cf9fb83c67bfad506035a5e4af7889539c1b1fffb2bb1f6e9adab45d42fa401270a702fb3fe2c9eac6760b9340f772157c650a9409
Malware Config
Targets
-
-
Target
Roblox-Song-Sheet-text.txt
-
Size
259B
-
MD5
963aea559e0d8a538a582af14f3497f3
-
SHA1
90c26e4e18571ce45cb63bfe919859502b9d6730
-
SHA256
ddebb4fc3c9145bba2714f090e6c550e2133d3b9ec89be1a85922f86860b30b1
-
SHA512
626798f15e8e9e3dcf8c29cf9fb83c67bfad506035a5e4af7889539c1b1fffb2bb1f6e9adab45d42fa401270a702fb3fe2c9eac6760b9340f772157c650a9409
Score8/10-
Event Triggered Execution: Image File Execution Options Injection
-
Manipulates Digital Signatures
Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Event Triggered Execution
2Image File Execution Options Injection
1Component Object Model Hijacking
1Browser Extensions
1Privilege Escalation
Event Triggered Execution
2Image File Execution Options Injection
1Component Object Model Hijacking
1Defense Evasion
Subvert Trust Controls
1SIP and Trust Provider Hijacking
1Modify Registry
2