585c1ffefbcbbae5811c68424e54d24147ce28138c0740dae5e86ce66aec1686 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

BetternetForWindows.exe
Size

621KB
Sample

230201-b4degadc7y
MD5

8c192cfbfe08e5c362dddafd8e0e9c13
SHA1

8faf6cd8c02271d86ed86b3defa2c9aaa3a4ba3c
SHA256

585c1ffefbcbbae5811c68424e54d24147ce28138c0740dae5e86ce66aec1686
SHA512

b3a330a0af8970e062700bdab30f12547fcf6e44eebc7e7f5cbd0c4966eba0aa4865d390b81bf2899c4a6deeedf80f19465c922f1b3df1228bec2f0c8699c9f8
SSDEEP

6144:3Ya6thzb4aJJgrokyfmVwA8WALhg5TAvKuc79Nnu83aPTUA+C5+YR/ZXo8Vgy93V:3YD5bVJJgrjyi8fAUSuKVKPh+EBZX1Am

Score

8^/10

Malware Config

Targets

- Target
  
  BetternetForWindows.exe
- Size
  
  621KB
- MD5
  
  8c192cfbfe08e5c362dddafd8e0e9c13
- SHA1
  
  8faf6cd8c02271d86ed86b3defa2c9aaa3a4ba3c
- SHA256
  
  585c1ffefbcbbae5811c68424e54d24147ce28138c0740dae5e86ce66aec1686
- SHA512
  
  b3a330a0af8970e062700bdab30f12547fcf6e44eebc7e7f5cbd0c4966eba0aa4865d390b81bf2899c4a6deeedf80f19465c922f1b3df1228bec2f0c8699c9f8
- SSDEEP
  
  6144:3Ya6thzb4aJJgrokyfmVwA8WALhg5TAvKuc79Nnu83aPTUA+C5+YR/ZXo8Vgy93V:3YD5bVJJgrjyi8fAUSuKVKPh+EBZX1Am
Score

8^/10
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2