e8f4a32dffb74ece452add2b5cb53fcc54e86155fe28bb1c052659167b389baf | Triage

Sharing

Copy URL Twitter E-mail

General

Target

CurseForge - Installer.exe
Size

2.1MB
Sample

230131-3samzsch3v
MD5

8c6d6c9e12a4e8107ec3f80479df355a
SHA1

8fee4352677624ac29210bb24e1fa2161a0595f6
SHA256

e8f4a32dffb74ece452add2b5cb53fcc54e86155fe28bb1c052659167b389baf
SHA512

9cba3b7e41e2736ffed97208c7b203deec85ed34b387bd021a30a8711ae1d5ce509b68ca0e662e39c5f0031693bcfe19e177928cbcccd44d07100aeaf38ac728
SSDEEP

49152:+5poHrxE87vxpsrFpIvZ7kV8TNZs3zM/skBvYWNRUcS6:+MlPN+TIvZ7kVsm3zM/1gkCk

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  CurseForge - Installer.exe
- Size
  
  2.1MB
- MD5
  
  8c6d6c9e12a4e8107ec3f80479df355a
- SHA1
  
  8fee4352677624ac29210bb24e1fa2161a0595f6
- SHA256
  
  e8f4a32dffb74ece452add2b5cb53fcc54e86155fe28bb1c052659167b389baf
- SHA512
  
  9cba3b7e41e2736ffed97208c7b203deec85ed34b387bd021a30a8711ae1d5ce509b68ca0e662e39c5f0031693bcfe19e177928cbcccd44d07100aeaf38ac728
- SSDEEP
  
  49152:+5poHrxE87vxpsrFpIvZ7kV8TNZs3zM/skBvYWNRUcS6:+MlPN+TIvZ7kVsm3zM/1gkCk
Score

8^/10

persistence
- Executes dropped EXE
- Registers COM server for autorun
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2