Overview

overview

8

Static

static

Figaro.Set...ha.exe

windows7_x64

7

Figaro.Set...ha.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Figaro.Setup.0.3.0-alpha.exe

  • Size

    145.1MB

  • Sample

    210701-y95vgdvj2x

  • MD5

    c858dbf2525d85c3da0dfe1ac02babd1

  • SHA1

    db0edc28830493179f01175f64a2c7307f42eaf9

  • SHA256

    b42e9f1bd2ec260009e946014fbe6c59d7c9efa598e853824ea53eb93f2091da

  • SHA512

    29353f97652f5996e8f494baf21e3d61ba4b4a27c8c0e4884cd30efa849e3a419ea20303a62641d690817cbf0c28684205dbc9bfcb0e9a4235f468e46c4c55a5

Score
8/10
discoverypyinstaller

Malware Config

Targets

    • Target

      Figaro.Setup.0.3.0-alpha.exe

    • Size

      145.1MB

    • MD5

      c858dbf2525d85c3da0dfe1ac02babd1

    • SHA1

      db0edc28830493179f01175f64a2c7307f42eaf9

    • SHA256

      b42e9f1bd2ec260009e946014fbe6c59d7c9efa598e853824ea53eb93f2091da

    • SHA512

      29353f97652f5996e8f494baf21e3d61ba4b4a27c8c0e4884cd30efa849e3a419ea20303a62641d690817cbf0c28684205dbc9bfcb0e9a4235f468e46c4c55a5

    Score
    8/10
    discoverypyinstaller

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks