Resubmissions

  • 02-02-2023 20:49

    230202-zmat1sag6w 1

  • 02-02-2023 20:46

    230202-zkl49sag4w 8

  • 02-02-2023 20:40

    230202-zf838sfe83 8

General

  • Target

    bridge_2.6.0_x64_en-US.msi

  • Size

    13.8MB

  • Sample

    230202-zf838sfe83

  • MD5

    9d34f5b91bf8cea768101ef518d5485f

  • SHA1

    5a74a3d7a13dedd801713b4b376372ce5bafffc6

  • SHA256

    dd3bac003b3a51881727eabebf2a03dc9658998875b755be1b41a6b98dcac2e4

  • SHA512

    a29e8ddce36663ecc85d9e874b58c494521ddfcefbd29c3b3645626a4e863567ecdd54226c524f0650e3f12c5ca7bed10ffa9ff3dd72cac19f811ce90ecec05f

  • SSDEEP

    393216:YuZjvjpxdnKUMS98zxRhVI0dQOnnqrJ9JZzx:Yu9LpvKjrhq0dQOnnqzJz

Score
8/10

Malware Config

Targets

    • Target

      bridge_2.6.0_x64_en-US.msi

    • Size

      13.8MB

    • MD5

      9d34f5b91bf8cea768101ef518d5485f

    • SHA1

      5a74a3d7a13dedd801713b4b376372ce5bafffc6

    • SHA256

      dd3bac003b3a51881727eabebf2a03dc9658998875b755be1b41a6b98dcac2e4

    • SHA512

      a29e8ddce36663ecc85d9e874b58c494521ddfcefbd29c3b3645626a4e863567ecdd54226c524f0650e3f12c5ca7bed10ffa9ff3dd72cac19f811ce90ecec05f

    • SSDEEP

      393216:YuZjvjpxdnKUMS98zxRhVI0dQOnnqrJ9JZzx:Yu9LpvKjrhq0dQOnnqzJz

    Score
    8/10
    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 2

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 4

    System Information Discovery (T1082): 5

    Peripheral Device Discovery (T1120): 2

Tasks