General

  • Target

    readerdc64.msi

  • Size

    103.5MB

  • Sample

    230206-2awl3abd7v

  • MD5

    9abd796043712be98c84868224be10a7

  • SHA1

    a6d7d7112cb0d6812f666a3b36163a4ea63912e7

  • SHA256

    201ca9fb37606a5bd5aaccdd8061124b9b32cb778b10789196f932d42aa09442

  • SHA512

    2e4a8768d2b377321bef74e53100e1d4ccc03d1e4ac21e8a889a9afd285ff284a64ad50f6d4725d72e61dd507a9a432e1b44338102780a05d6e9f6a74cc9cabd

  • SSDEEP

    3145728:+T3L7pvwjAumOCqRoDbyCfeUtRyk6jqf:+T3PtQCwoDbyCWUtx6jq

Score
8/10

Malware Config

Targets

    • Target

      readerdc64.msi

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks