General
Target: ovisetup.exe
Size: 4MB
Sample: 230206-y471eaba4y
MD5: 1692aec61ddcdda471defa199c62d25a
SHA1: 484af221468ddb534b74e12970de80d5dfee2b28
SHA256: 84bde632c5bfd2a7ff84e579e6f7561543ca0aad6d8e7275dae5926ba4f561c1
SHA512: 19155d0770fc0931ab8ac1bf35f56b32c8c122379adac6866b07cebec28932f92be124638cd7bb9fdaff5edd091f3af0c1fbd0757a99de44e24f11214f13329a
SSDEEP: 49152:9Hox6U/D1LbDxklrSWZAhizWV4yFK73bBxaaNNG0pHSdtDLboHTBWpHg6UvM98IQ:2x6qaAVpchNG0pHA57HgR
Static task: static1
Behavioral task: behavioral1
Sample: ovisetup.exe
Resource: win10v2004-20221111-en
Malware Config: none listed in this report
Targets
Target: ovisetup.exe (4MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 7/10
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
- Drops desktop.ini file(s)
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
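The behaviours above are sandbox signatures keyed on registry and file activity. The following is an added example by the editor, not code from the original report or from the sandbox's own signature engine: it runs simple detection rules over a constructed list of "pid|operation|path" events and maps each hit back to the signature names used in this report. The event format, the constructed events, and the specific registry paths each rule keys on (Geo\Nation for the country code, the CurrentVersion\Uninstall key, the CurrentVersion\Run key, CLSID\{...}\InprocServer32 for COM registration) are assumptions about how such behaviour shows up, not details taken from this report.

```python
"""Map constructed sandbox events onto the behavioural signatures in the report.

Added example (editor's code, not the sandbox's). The event format and the
registry/file paths used by each rule are assumptions, noted inline.
"""
import re
from collections import defaultdict

# Constructed events in an assumed "pid|op|path" form; not real sandbox output.
SAMPLE_EVENTS = """\
1234|RegQueryValue|HKCU\\Control Panel\\International\\Geo\\Nation
1234|RegEnumKey|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall
1234|RegEnumKey|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{ABCD}
1234|RegSetValue|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\ovi
1234|RegSetValue|HKCR\\CLSID\\{0000-1111}\\InprocServer32\\(Default)
1234|FileCreate|C:\\Windows\\System32\\helper.dll
1234|ImageLoad|C:\\Windows\\System32\\helper.dll
1234|FileCreate|C:\\Users\\admin\\AppData\\Local\\ovi\\ovi.exe
1234|ProcessCreate|C:\\Users\\admin\\AppData\\Local\\ovi\\ovi.exe
1234|FileCreate|C:\\Users\\admin\\AppData\\Local\\ovi\\desktop.ini
1234|FileOpen|D:\\
1234|FileOpen|E:\\
1234|FileOpen|C:\\Users\\admin\\Documents\\notes.txt
1234|RegQueryValue|HKCU\\Software\\Microsoft\\Office\\16.0\\Common
"""

# (signature name, operation regex, path regex). Path patterns are assumptions
# about where each behaviour is visible; matching is case-insensitive.
SIGNATURES = [
    ("Checks computer location settings", r"RegQueryValue",
     r"\\Control Panel\\International\\Geo\\Nation$"),
    ("Checks installed software on the system", r"RegEnumKey|RegQueryValue",
     r"\\CurrentVersion\\Uninstall(\\|$)"),
    ("Adds Run key to start application", r"RegSetValue",
     r"\\CurrentVersion\\Run\\"),
    ("Registers COM server for autorun", r"RegSetValue",
     r"\\CLSID\\\{[^}]+\}\\(InprocServer32|LocalServer32)"),
    ("Drops file in System32 directory", r"FileCreate",
     r"^C:\\Windows\\System32\\"),
    ("Drops desktop.ini file(s)", r"FileCreate", r"\\desktop\.ini$"),
    # Root of any fixed drive letter other than C:
    ("Enumerates connected drives", r"FileOpen", r"^[A-BD-Z]:\\$"),
]


def parse_event(line):
    """Split one 'pid|op|path' line into a dict (assumed format)."""
    pid, op, path = line.split("|", 2)
    return {"pid": int(pid), "op": op, "path": path}


def classify(events):
    """Return {signature name: [matching paths]} for a sequence of events.

    Stateless rules come from SIGNATURES; the two 'dropped' signatures need
    state, since they only fire when a file created earlier by the sample is
    later executed or loaded as an image.
    """
    hits = defaultdict(list)
    dropped = set()  # lower-cased paths the sample has written
    for ev in events:
        op, path = ev["op"], ev["path"]
        for name, op_re, path_re in SIGNATURES:
            if re.fullmatch(op_re, op) and re.search(path_re, path, re.IGNORECASE):
                hits[name].append(path)
        key = path.lower()
        if op == "FileCreate":
            dropped.add(key)
        elif op == "ProcessCreate" and key in dropped:
            hits["Executes dropped EXE"].append(path)
        elif op == "ImageLoad" and key in dropped:
            hits["Loads dropped DLL"].append(path)
    return dict(hits)


def run(text=SAMPLE_EVENTS):
    """Parse the event text and classify it."""
    return classify(parse_event(l) for l in text.splitlines() if l.strip())


if __name__ == "__main__":
    for name, paths in sorted(run().items()):
        print(f"{name}: {len(paths)} event(s)")
        for p in paths:
            print(f"    {p}")
```

The stateful part is the point worth copying: "Executes dropped EXE" and "Loads dropped DLL" are not properties of a single event but of a file-write followed by an execute or image-load of the same path, so a rule engine has to remember what the sample wrote. The unrelated Office key read and the open of a file under C:\ are included to show that the rules do not fire on ordinary activity.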
MITRE ATT&CK Matrix
Tactic columns only (Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation); no technique entries appear on this page.