Research: Furtive Malware Rises Again
Tags
| country: | Saudi Arabia |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Direct Botnet - T1583.005 Botnet - T1584.005 Credentials - T1589.001 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Vulnerabilities - T1588.006 |
Common Information
| Type | Value |
|---|---|
| UUID | 9fa94c7d-dbba-4a96-a244-d3318ff8e1bc |
| Fingerprint | b509195fe26b0207 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Dec. 7, 2016, midnight |
| Added to db | Jan. 18, 2023, 11:19 p.m. |
| Last updated | Oct. 1, 2024, 2:42 p.m. |
| Headline | Research: Furtive Malware Rises Again |
| Title | Research: Furtive Malware Rises Again |
| Detected Hints/Tags/Attributes | 54/3/46 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 3 | key8854321.pub |
|
| Details | File | 1 | dropper_name.exe |
|
| Details | File | 2 | key8854321.pub |
|
| Details | File | 2 | caclsrv.exe |
|
| Details | File | 3 | certutl.exe |
|
| Details | File | 13 | clean.exe |
|
| Details | File | 2 | ctrl.exe |
|
| Details | File | 2 | dfrag.exe |
|
| Details | File | 2 | dnslookup.exe |
|
| Details | File | 2 | dvdquery.exe |
|
| Details | File | 4 | event.exe |
|
| Details | File | 2 | findfile.exe |
|
| Details | File | 3 | gpget.exe |
|
| Details | File | 2 | ipsecure.exe |
|
| Details | File | 2 | iissrv.exe |
|
| Details | File | 2 | msinit.exe |
|
| Details | File | 2 | ntfrsutil.exe |
|
| Details | File | 3 | ntdsutl.exe |
|
| Details | File | 6 | power.exe |
|
| Details | File | 2 | rdsadmin.exe |
|
| Details | File | 2 | regsys.exe |
|
| Details | File | 2 | sigver.exe |
|
| Details | File | 3 | routeman.exe |
|
| Details | File | 2 | rrasrv.exe |
|
| Details | File | 2 | sacses.exe |
|
| Details | File | 2 | sfmsc.exe |
|
| Details | File | 2 | smbinit.exe |
|
| Details | File | 2 | wcscript.exe |
|
| Details | File | 2 | ntnw.exe |
|
| Details | File | 2 | netx.exe |
|
| Details | File | 2 | fsutl.exe |
|
| Details | File | 9 | extract.exe |
|
| Details | File | 1 | c:\windows\system32\netinit.exe |
|
| Details | File | 1 | %systemroot%\temp\key8854321.pub |
|
| Details | File | 2 | c:\windows\temp\key8854321.pub |
|
| Details | File | 2 | c:\windows\system32\drivers\drdisk.sys |
|
| Details | sha256 | 5 | 128fa5815c6fee68463b18051c1a1ccdf28c599ce321691686b1efa4838a2acd |
|
| Details | sha256 | 5 | 394a7ebad5dfc13d6c75945a61063470dc3b68f7a207613b79ef000e1990909b |
|
| Details | sha256 | 3 | 448ad1bc06ea26f4709159f72ed70ca199ff2176182619afa03435d38cd53237 |
|
| Details | sha256 | 5 | 47bb36cd2832a18b5ae951cf5a7d44fba6d8f5dca0a372392d40f51d1fe1ac34 |
|
| Details | sha256 | 4 | 61c1c8fc8b268127751ac565ed4abd6bdab8d2d0f2ff6074291b2d54b0228842 |
|
| Details | sha256 | 4 | 772ceedbc2cacf7b16ae967de310350e42aa47e5cef19f4423220d41501d86a5 |
|
| Details | sha256 | 7 | c7fc1f9c2bed748b50a599ee2fa609eb7c9ddaeb9cd16633ba0d10cf66891d8a |
|
| Details | sha256 | 4 | 4744df6ac02ff0a3f9ad0bf47b15854bbebb73c936dd02f7c79293a2828406f6 |
|
| Details | sha256 | 3 | 5a826b4fa10891cf63aae832fc645ce680a483b915c608ca26cedbb173b1b80a |
|
| Details | Windows Registry Key | 1 | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtsSrv |