General

  • Target

    CorelDRAW_Graphics_Suite_2021_v23.0.0.363x64.rar

  • Size

    361.4MB

  • Sample

    220924-qv95eacfdl

  • MD5

    ace4b032c47b658562398404cadc2268

  • SHA1

    4c29672512a2abbdbf750aa872b6b5e679e00f41

  • SHA256

    93b4118ac26efbb154afbade96d66df6e1fa3dc5859dc59165f277fa6b7ae473

  • SHA512

    0742b209f6fa632a0a75c323fbb8724fd772060768aaed2681f3b2c593ecce4e4d6fdf6874f37c2bb58c410cbd5e72333ee0024e9bf04890a6c6f74909dcd0e1

  • SSDEEP

    6291456:zpTDSj3TaLV8Bl0oBueLvRwr4Mtd+YXJOgMPybLud2Nw9PtMz7UugrgQ6A0RBY:zsjAEBuezRw8E+uJOlPybLud2N4PS7Kf

Score
10/10

Malware Config

Targets

    • Target

      CorelDRAW_Graphics_Suite_2021_v23.0.0.363x64/Crack/Cap.exe

    • Size

      562KB

    • MD5

      f5fdc317c0812aff1a56a7cf004bb7ef

    • SHA1

      1289ab20a4b496ac2e6b6b34d1175d9f5664cafa

    • SHA256

      96555ac3ae8502aa2fc2370dc389adf88e7ce19c58265a337e106dc4df64f7e3

    • SHA512

      9c4fbd3b7c68676066dacc29483e4e72b492c5ef57bae0964ab86a0d0aae1c816a5ead740b0b955937325cf7c3cb8ebf18928c86f99912f0cfd6cadb64e33280

    • SSDEEP

      12288:wUuittyHpWBJBSFnqYEJMr+/GKCS5BRRL:NuX9AWr+OGD

    Score
    1/10

    • Target

      CorelDRAW_Graphics_Suite_2021_v23.0.0.363x64/Setup/MSIs/Common_x64.cab

    • Size

      135.8MB

    • MD5

      c634bf372d0b6f1900569580a560620f

    • SHA1

      eaa7e5f94622a8df0bf7d542fa48c9a57c29bc42

    • SHA256

      7456f92aa0d8811a39278563dfe3e15014d19b86c5b510d330c88f780f9e1c8a

    • SHA512

      3f6d6cb75b699f1fe2970c4d2a619482f77e58469e4014b348f8015573385a07ea3331d3f61d26e4d67802271f493c73fd01935fc525bfc2ad53ea094eb72122

    • SSDEEP

      3145728:ms1QMcmAOw9uP5XIFwCUgjQbjEb4ALiGnAdlLO3wjxpvss:T1Qz7OfWFxQPQ4AOddl1Tv

    Score
    1/10

    • Target

      CorelDRAW_Graphics_Suite_2021_v23.0.0.363x64/Setup/Setup.exe

    • Size

      3.3MB

    • MD5

      c5c25938fb50fa8daf7bfc58b2146d63

    • SHA1

      d589bbb283dbeec34e19dd001a0d5c549c061d56

    • SHA256

      c826676cac7e2d000e616a66ab1ece15bd2b6b7b414df17c8f418cbab1a7f5b0

    • SHA512

      b37bdac20eac9bf89dade2c109dd4b454aef92d3079b72a589f2453244a5fdca0930251e0f6f94ab9f774fe80cbb6a3bb98f57820fc46edbbd9f2f929ed8a474

    • SSDEEP

      49152:Dn9BBuO9ul3l02v25HMfnOQKTUuwbzuVI6QbJfXsiRGtd8rl/qJTEUL3U+9d6FUu:D9/eV9vBGE0JTEg3F+fpaKd/

    Score
    10/10

    • Detected phishing page

    • Registers COM server for autorun

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic           Technique                            #  ID
Persistence      Registry Run Keys / Startup Folder   2  T1060
Defense Evasion  Modify Registry                      3  T1112
Defense Evasion  Install Root Certificate             1  T1130
Discovery        Query Registry                       3  T1012
Discovery        System Information Discovery         4  T1082
Discovery        Peripheral Device Discovery          1  T1120

Tasks