General

  • Target

    SakuraEFTcrack.exe

  • Size

    728KB

  • Sample

    220505-kc48jsffd3

  • MD5

    9c8341f6395e398dbf334312d09cb788

  • SHA1

    381b9a512af1ac8d609cfb113dfd3458528b0553

  • SHA256

    e94ca50c56a7aeaf7ba214c86706944e01447412d606d08fe5c5b25df0dc0f15

  • SHA512

    42f1f46f1be58018b46dddff8aba66f9475ef3f355a7a9765ab3b8c87d0f37cc0865a94088542285619ee4adc733036096a4fc4f5ea66862d97c8d0b28074661

Targets

    • Target

      SakuraEFTcrack.exe

    • Registers COM server for autorun

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Modifies Installed Components in the registry

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Enumerates the Uninstall key entries in the registry to list the software installed on the system.

    • Checks whether UAC is enabled

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory
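
The signature list above is the sandbox's interpretation of registry activity: four of the entries are writes to well-known persistence locations (Run key, Active Setup Installed Components, Image File Execution Options, Browser Helper Objects, COM server registration) and three are reads used for discovery (country code, Uninstall entries, the UAC EnableLUA flag). The following Python is an added example, not part of the report or of Tria.ge's tooling: it applies that same mapping to a small registry trace and rolls the hits up into per-technique counts the way the matrix below does. The `op|image|path` trace format and every event in it are constructed for the demo, and the per-signature technique IDs are this example's assumption, chosen to stay within the tactics and ATT&CK v6 IDs the report's matrix lists.

```python
"""Map a process's registry activity to sandbox-style behaviour signatures
and roll the hits up into an ATT&CK-style technique count table.

Added example, not part of the sandbox report. Trace format (op|image|path,
one event per line) and all events are constructed; per-signature technique
IDs are an assumption that follows the report's ATT&CK v6 matrix.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    name: str                  # signature wording as the report prints it
    tactic: str
    technique: Optional[str]   # None where the report gives no per-signature ID
    op: str                    # "set" (value written) or "query" (value read)
    pattern: str               # regex applied to the full registry path


RULES = [
    Rule("Adds Run key to start application", "Persistence", "T1060", "set",
         r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\"),
    Rule("Modifies Installed Components in the registry", "Persistence", "T1112", "set",
         r"\\Microsoft\\Active Setup\\Installed Components\\"),
    Rule("Sets file execution options in registry", "Defense Evasion", "T1112", "set",
         r"\\Windows NT\\CurrentVersion\\Image File Execution Options\\"),
    Rule("Installs/modifies Browser Helper Object", "Persistence", "T1176", "set",
         r"\\CurrentVersion\\Explorer\\Browser Helper Objects\\"),
    # The report tags COM registration as persistence but prints no ID for it.
    Rule("Registers COM server for autorun", "Persistence", None, "set",
         r"\\CLSID\\\{[0-9A-F-]+\}\\(InprocServer32|LocalServer32)"),
    Rule("Checks computer location settings", "Discovery", "T1082", "query",
         r"\\Control Panel\\International\\Geo\\Nation$"),
    Rule("Checks installed software on the system", "Discovery", "T1012", "query",
         r"\\CurrentVersion\\Uninstall\\"),
    Rule("Checks whether UAC is enabled", "Discovery", "T1012", "query",
         r"\\Policies\\System\\EnableLUA$"),
]
COMPILED = [(rule, re.compile(rule.pattern, re.IGNORECASE)) for rule in RULES]

# Constructed trace (not sandbox output). Paths carry the value name at the end;
# the GUID and the IFEO target "victim.exe" are placeholders.
SAMPLE_TRACE = r"""
set|SakuraEFTcrack.exe|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WinUpdate
query|SakuraEFTcrack.exe|HKCU\Control Panel\International\Geo\Nation
query|SakuraEFTcrack.exe|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName
query|SakuraEFTcrack.exe|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
set|SakuraEFTcrack.exe|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A2B3C4D-0000-0000-0000-000000000001}
set|SakuraEFTcrack.exe|HKCR\CLSID\{1A2B3C4D-0000-0000-0000-000000000001}\InprocServer32
set|SakuraEFTcrack.exe|HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1A2B3C4D-0000-0000-0000-000000000001}\StubPath
set|SakuraEFTcrack.exe|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\victim.exe\Debugger
set|SakuraEFTcrack.exe|HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
query|SakuraEFTcrack.exe|HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ActiveComputerName\ComputerName
"""


def parse_trace(text):
    """Split the op|image|path trace into event dicts (path may contain '|'-free backslashes only)."""
    events = []
    for line in text.strip().splitlines():
        op, image, path = line.split("|", 2)
        events.append({"op": op, "image": image, "path": path})
    return events


def match_events(events):
    """Return one hit per (event, rule) pair whose operation and path both match."""
    hits = []
    for ev in events:
        for rule, rx in COMPILED:
            if ev["op"] == rule.op and rx.search(ev["path"]):
                hits.append({"signature": rule.name, "tactic": rule.tactic,
                             "technique": rule.technique, "path": ev["path"]})
    return hits


def technique_counts(hits):
    """Roll hits up the way the report's matrix does: technique ID -> number of hits."""
    return Counter(h["technique"] or "unmapped" for h in hits)


def triage(text):
    hits = match_events(parse_trace(text))
    return {"signatures": sorted({h["signature"] for h in hits}),
            "counts": dict(technique_counts(hits)),
            "hits": hits}


if __name__ == "__main__":
    result = triage(SAMPLE_TRACE)
    for sig in result["signatures"]:
        print("*", sig)
    for tech, n in sorted(result["counts"].items()):
        print(f"{tech}: {n}")
```

Two of the ten constructed events (the Explorer `Hidden` value and the ComputerName read) match no rule, which is the point of keeping the patterns anchored to specific autostart and discovery paths rather than flagging every registry write: a generic "Modify Registry" count is only useful once the specific persistence keys have already been named.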

MITRE ATT&CK Matrix (ATT&CK v6)

Each technique is listed with its ATT&CK v6 ID and the number of matched signatures.

Persistence

  • Registry Run Keys / Startup Folder (T1060): 4

  • Browser Extensions (T1176): 1

Defense Evasion

  • Modify Registry (T1112): 7

  • Install Root Certificate (T1130): 1

Discovery

  • Query Registry (T1012): 5

  • System Information Discovery (T1082): 6

  • Peripheral Device Discovery (T1120): 1