General
-
Target
mul-tor-windows(1).zip
-
Size
15.6MB
-
Sample
240701-mhh9dazblq
-
MD5
1e0c9ee20b8ad284fe91a8416080c756
-
SHA1
1430e5704860c508db9f1179f720550fcc24d2f7
-
SHA256
05ec4b3a9c4a2228f10871cfc979c1e0780b1a500aa1679b682b1061ec0e3ac6
-
SHA512
52b5c048c04f3eabd5caca4697b37ec3d9595c44659dadbeca63c055a69239c61850dbd70afd35cef5bc4f1e37d2ac7d6c0739e56147bf35b7c0c15264c94e57
-
SSDEEP
196608:G+aYsY58OV2iOSgw/TL3l/gXrpp+pPEIF3aKCgOQz9vimJGnt9uRwLgB28g/7CBW:COuSr/lYXlp+pPEuQ4pQ26LgwMB9h8P
Behavioral task
behavioral1
Sample
mul-tor-windows(1).zip
Resource
win10v2004-20240611-en
Behavioral task
behavioral2
Sample
Mul-Tor.exe
Resource
win10v2004-20240611-en
Malware Config
Targets
-
-
Target
mul-tor-windows(1).zip
-
Size
15.6MB
-
MD5
1e0c9ee20b8ad284fe91a8416080c756
-
SHA1
1430e5704860c508db9f1179f720550fcc24d2f7
-
SHA256
05ec4b3a9c4a2228f10871cfc979c1e0780b1a500aa1679b682b1061ec0e3ac6
-
SHA512
52b5c048c04f3eabd5caca4697b37ec3d9595c44659dadbeca63c055a69239c61850dbd70afd35cef5bc4f1e37d2ac7d6c0739e56147bf35b7c0c15264c94e57
-
SSDEEP
196608:G+aYsY58OV2iOSgw/TL3l/gXrpp+pPEIF3aKCgOQz9vimJGnt9uRwLgB28g/7CBW:COuSr/lYXlp+pPEuQ4pQ26LgwMB9h8P
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
-
-
Target
Mul-Tor.exe
-
Size
15.8MB
-
MD5
906405caf04d8130b73619988590a8bd
-
SHA1
cf081ea62aa9f4a473b5a286166fe3583173313b
-
SHA256
3eb6559dac0227eeabb18d0a8c7954f197853079fbc2013074d4296cd8c2a7d2
-
SHA512
17b7d9076ea88306f094292d8166331873939fccbe7a1b1fb4f1b8986f20632dfda43170b85c3b7152e84a5df1d17f6fc6a5e91d5755bbc501399dd48b8c3ef8
-
SSDEEP
196608:fi8h0sKYu/PaQ8MCvc0FwuL1A1HeT39IigwE1ncKOVVtoLSEG7pRbGNks6tQdB9l:6wQ8vcnB1+TtIiFg0VZ1pQis66cj9ly
Score7/10-
Loads dropped DLL
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Event Triggered Execution
2Change Default File Association
1Component Object Model Hijacking
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1