Setup.exe

General

Target: Setup.exe
Size: 4MB
Sample: 220505-bkhj3seha6
Score: 10/10
MD5: 62ed80f638e9551e1e59b4ea9341bccd
SHA1: 44196e8cb0f5774decf60e12215767f092c3c008
SHA256: c1143945d2559da08d0fe82b3eb88e1e7238c752b05f3b8c7970e6bd3f6c97bf
SHA512: 56ba1326b1d691838a77ba3e353b17421d5602d378a73e213b7bc045d3befd304ef5a1170df5ba30ef237df9ef2b18283d19fdf23c025291763c8751ae838cad

Malware Config

Targets

Target: Setup.exe, 4MB, Score 10/10 (MD5 62ed80f638e9551e1e59b4ea9341bccd; SHA1, SHA256 and SHA512 as listed under General)

Signatures

  • Modifies security service
    TTPs: Modify Registry, Modify Existing Service
  • Executes dropped EXE
  • Possible privilege escalation attempt
  • Stops running service(s)
    TTPs: Modify Existing Service, Service Stop
  • Checks computer location settings
    Description: Looks up country code configured in the registry, likely geofence.
    TTPs: Query Registry, System Information Discovery
  • Loads dropped DLL
  • Modifies file permissions
    TTPs: File Permissions Modification
  • Checks whether UAC is enabled
    TTPs: System Information Discovery
  • Looks up external IP address via web service
    Description: Uses a legitimate IP lookup service to find the infected system's external IP.
  • Drops file in System32 directory
  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix

Tactic columns shown on the page: Collection, Command and Control, Credential Access, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation (technique cells not captured in this extract).

Tasks

static1
behavioral1: 10/10
behavioral2: 10/10