General

  • Target

    mul-tor-windows(1).zip

  • Size

    15.6MB

  • Sample

    240701-mhh9dazblq

  • MD5

    1e0c9ee20b8ad284fe91a8416080c756

  • SHA1

    1430e5704860c508db9f1179f720550fcc24d2f7

  • SHA256

    05ec4b3a9c4a2228f10871cfc979c1e0780b1a500aa1679b682b1061ec0e3ac6

  • SHA512

    52b5c048c04f3eabd5caca4697b37ec3d9595c44659dadbeca63c055a69239c61850dbd70afd35cef5bc4f1e37d2ac7d6c0739e56147bf35b7c0c15264c94e57

  • SSDEEP

    196608:G+aYsY58OV2iOSgw/TL3l/gXrpp+pPEIF3aKCgOQz9vimJGnt9uRwLgB28g/7CBW:COuSr/lYXlp+pPEuQ4pQ26LgwMB9h8P

Malware Config

Targets

    • Target

      mul-tor-windows(1).zip

    • Size

      15.6MB

    • MD5

      1e0c9ee20b8ad284fe91a8416080c756

    • SHA1

      1430e5704860c508db9f1179f720550fcc24d2f7

    • SHA256

      05ec4b3a9c4a2228f10871cfc979c1e0780b1a500aa1679b682b1061ec0e3ac6

    • SHA512

      52b5c048c04f3eabd5caca4697b37ec3d9595c44659dadbeca63c055a69239c61850dbd70afd35cef5bc4f1e37d2ac7d6c0739e56147bf35b7c0c15264c94e57

    • SSDEEP

      196608:G+aYsY58OV2iOSgw/TL3l/gXrpp+pPEIF3aKCgOQz9vimJGnt9uRwLgB28g/7CBW:COuSr/lYXlp+pPEuQ4pQ26LgwMB9h8P

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Target

      Mul-Tor.exe

    • Size

      15.8MB

    • MD5

      906405caf04d8130b73619988590a8bd

    • SHA1

      cf081ea62aa9f4a473b5a286166fe3583173313b

    • SHA256

      3eb6559dac0227eeabb18d0a8c7954f197853079fbc2013074d4296cd8c2a7d2

    • SHA512

      17b7d9076ea88306f094292d8166331873939fccbe7a1b1fb4f1b8986f20632dfda43170b85c3b7152e84a5df1d17f6fc6a5e91d5755bbc501399dd48b8c3ef8

    • SSDEEP

      196608:fi8h0sKYu/PaQ8MCvc0FwuL1A1HeT39IigwE1ncKOVVtoLSEG7pRbGNks6tQdB9l:6wQ8vcnB1+TtIiFg0VZ1pQis66cj9ly

    Score
    7/10
    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v13)

    Tactic                Technique                                       Count   ID
    Persistence           Event Triggered Execution                       2       T1546
    Persistence           Change Default File Association                 1       T1546.001
    Persistence           Component Object Model Hijacking                1       T1546.015
    Persistence           Boot or Logon Autostart Execution               1       T1547
    Persistence           Registry Run Keys / Startup Folder              1       T1547.001
    Privilege Escalation  Event Triggered Execution                       2       T1546
    Privilege Escalation  Change Default File Association                 1       T1546.001
    Privilege Escalation  Component Object Model Hijacking                1       T1546.015
    Privilege Escalation  Boot or Logon Autostart Execution               1       T1547
    Privilege Escalation  Registry Run Keys / Startup Folder              1       T1547.001
    Defense Evasion       Modify Registry                                 3       T1112
    Discovery             Query Registry                                  5       T1012
    Discovery             System Information Discovery                    5       T1082

Tasks