Malware sandboxing report by Hatching Triage

Sharing

Copy URL

Twitter E-mail

General

Target

ccsetup609pro.exe
Size

50MB
Sample

230324-3hnrvscb5x
MD5

d54e3f8343b8080c9dcaebcac1223c8d
SHA1

34c2a6e3b9e9e8af547e1b4690f9438c2136d927
SHA256

31c5c9de9fa8af8f0389c81073792c2d83593da92fa71ee23a119b2d3441f2ff
SHA512

10422d7805eb85d24656d247a248a33c30ec12824d5ec6e90c2433a7d62db7825ab8708ec352bbf96c300ed2299e374b689aab0dc217e39f34f559d125390434
SSDEEP

786432:/gdvr/D9oTblmYTv98cbxXUFvXIfo1XuQ5ogTsyB3jNYqvuOK1g2szehRXWg:/gdvv9slmYj98YUFv6kAKsk5DK0zeLP

Score

8^/10

Malware Config

Targets

- Target
  
  ccsetup609pro.exe
- Size
  
  50MB
- MD5
  
  d54e3f8343b8080c9dcaebcac1223c8d
- SHA1
  
  34c2a6e3b9e9e8af547e1b4690f9438c2136d927
- SHA256
  
  31c5c9de9fa8af8f0389c81073792c2d83593da92fa71ee23a119b2d3441f2ff
- SHA512
  
  10422d7805eb85d24656d247a248a33c30ec12824d5ec6e90c2433a7d62db7825ab8708ec352bbf96c300ed2299e374b689aab0dc217e39f34f559d125390434
- SSDEEP
  
  786432:/gdvr/D9oTblmYTv98cbxXUFvXIfo1XuQ5ogTsyB3jNYqvuOK1g2szehRXWg:/gdvv9slmYj98YUFv6kAKsk5DK0zeLP
Score

8^/10

bootkit discovery persistence spyware stealer
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks for any installed AV software in registry
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Data from Local System

T1005

Command and Control

Credential Access

Credentials in Files

T1081

Defense Evasion

Modify Registry

T1112

Install Root Certificate

T1130

Discovery

Query Registry

T1012

Security Software Discovery

T1063

System Information Discovery

T1082

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Registry Run Keys / Startup Folder

T1060

Bootkit

T1067

Privilege Escalation

Tasks

Sharing

General

Malware Config

Targets

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Adds Run key to start application

Checks for any installed AV software in registry

Checks installed software on the system

Writes to the Master Boot Record (MBR)

Checks system information in the registry

Drops file in System32 directory

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2