General

  • Target: cmlauncher.zip
  • Size: 5.4MB
  • Sample: 240701-eja1dsyfkq
  • MD5: 4bafdeafd9dcfb5fdf156cd7bcf60ed8
  • SHA1: 08a4cf8357422a02193293b5f372c6e3e1ba8810
  • SHA256: 398ebc3476435e57bdfffbd414a1f19feb68e38cbbded7130bf8c4f5c6036e13
  • SHA512: 44df7a2b8c1bf320691030bf1fcab8f553aff35cae93214600b0505170f766270ffea3b637733cfaa1e8e914d6fc8f61c59221b66471d893596aa2fcc2a1b059
  • SSDEEP: 98304:PbzXenum2GtQL/zeyTo96Tc0I/UKkulf3u11xsTvIKD1voBhUiVuuxxCTH:PbyumFKzeyToMTW/3Vf3u1/SvtxoUi7O

Malware Config

Targets

    • Target: cmlauncher.zip
    • Size: 5.4MB
    • MD5: 4bafdeafd9dcfb5fdf156cd7bcf60ed8
    • SHA1: 08a4cf8357422a02193293b5f372c6e3e1ba8810
    • SHA256: 398ebc3476435e57bdfffbd414a1f19feb68e38cbbded7130bf8c4f5c6036e13
    • SHA512: 44df7a2b8c1bf320691030bf1fcab8f553aff35cae93214600b0505170f766270ffea3b637733cfaa1e8e914d6fc8f61c59221b66471d893596aa2fcc2a1b059
    • SSDEEP: 98304:PbzXenum2GtQL/zeyTo96Tc0I/UKkulf3u11xsTvIKD1voBhUiVuuxxCTH:PbyumFKzeyToMTW/3Vf3u1/SvtxoUi7O

    Score: 8/10

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Target: installer.rar
    • Size: 2.2MB
    • MD5: 932e1521933cb130a32417ebefcd7f65
    • SHA1: 6498a4ef4a5aa03a4a244a4e1786f89fcc135a18
    • SHA256: fc9b9cc6bc5073977a2b4f50f6e0c7583106019a8e642514aa9dc11666013366
    • SHA512: 2d56ea1b910972957fe0aa0e0457f7328392b723c88f36af873278383fa19d1c802a07bc42ab5d642cfbb257886c29df271c15980ea2c077fbf27bb3e9c49a73
    • SSDEEP: 49152:WkiX7fzXIPeyum2UJCUle2JtQn7X/CI8pycA9QU3aB/F6UIS:IbzXenum2GtQL/zeyTo96TS

    Score: 3/10

    • Target: winrar-x64.exe
    • Size: 3.3MB
    • MD5: 8a6217d94e1bcbabdd1dfcdcaa83d1b3
    • SHA1: 99b81b01f277540f38ea3e96c9c6dc2a57dfeb92
    • SHA256: 3023edb4fc3f7c2ebad157b182b62848423f6fa20d180b0df689cbb503a49684
    • SHA512: a8f6f6fdfa9d754a577b7dd885a938fb9149f113baa2afb6352df622cdb73242175a06cd567e971fd3de93a126ba05b78178d5d512720d8fdb87ececce2cbf54
    • SSDEEP: 98304:mZjOBfKqY3fhMBexKTvsCHBviBh2GB8y0mb5:mZZ7fhMB2ovFNiKGhJ

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • Boot or Logon Autostart Execution (T1547): 1
    • Active Setup (T1547.014): 1
  • Event Triggered Execution (T1546): 2
    • Change Default File Association (T1546.001): 1
    • Component Object Model Hijacking (T1546.015): 1

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 1
    • Active Setup (T1547.014): 1
  • Event Triggered Execution (T1546): 2
    • Change Default File Association (T1546.001): 1
    • Component Object Model Hijacking (T1546.015): 1

Defense Evasion

  • Modify Registry (T1112): 4

Discovery

  • Query Registry (T1012): 2
  • System Information Discovery (T1082): 2

Tasks