General

  • Target

    CloverPortable_3.4.5_32_64_bit.paf.exe

  • Size

    4.9MB

  • Sample

    210906-hsz8esdger

  • MD5

    714866a057e7a1baca8163c477de1649

  • SHA1

    0c51232413e20d2f1729acc495b83a24bd9c78ff

  • SHA256

    0cd705341453bcd20ea0d533a877d955858e63e3ac79113b3029ab2f2390a848

  • SHA512

    955f5f122f110b06183cbdd0eb5e6973aba343a098b02d3917324eb411edd04207c813c73be926d8ef1602b73ac1ab9c7c39efecd7fcdd1d3189e63a7b2b05bf

Malware Config

Targets

    • Registers COM server for autorun

    • Executes dropped EXE

    • Modifies Installed Components in the registry

    • Loads dropped DLL

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder, T1060 (2)

    Browser Extensions, T1176 (1)

  • Defense Evasion

    Modify Registry, T1112 (3)

  • Discovery

    System Information Discovery, T1082 (1)

Tasks