General

  • Target

    Photoshop_Set-Up.exe

  • Size

    2.8MB

  • Sample

    230324-a8e87abb79

  • MD5

    a1703101e525d3d87c100eff5501c3bb

  • SHA1

    485934f12ff37bff75e532d4b3e2b521c7ab55b1

  • SHA256

    cf28513dbe57a375964721f9bd7153ec09f89ada9b5b450e9cab8442c8f7a130

  • SHA512

    b3135933cf2dccb7b4f98af86c1bd32afc1c280fe5fa57bb9ad1d8491e189bbc157a612c0311e891d9b5cf1c7360504dd26173ac9e653648f5a799fb42a82373

  • SSDEEP

    49152:I51Z7F25DNGy3g9lRC8mk62yFjqGAuf75pqjf8jJPfs/kfwMflf0hchZgtysohaZ:I515F2W+8ClgduD59fVfwM/aLZ

Malware Config

Targets

    • Target

      Photoshop_Set-Up.exe (size and hashes as listed under General above)

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Detected Adobe phishing page

    • Bazar/Team9 Loader payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Registers COM server for autorun

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Target

      out.upx

    • Size

      8.9MB

    • MD5

      204ef00d74a514717e1f115e15accddd

    • SHA1

      7cb776a5339c69d466fea71b302144cbda2887f1

    • SHA256

      e0a09c4b3d84e433d5cae81697821e000a68c7acb6f404665854abe2656d76bf

    • SHA512

      a6fd7a6964bfbac440f712c9085da228d125a50c3c01c60e812b5129b09e88726293be4c290336b933c3feedb68564446f1a9bf6d08d3949dc23280b3ed1af17

    • SSDEEP

      98304:oxdqTzt/xa8p55bfYzKoa2NuaZxz5NTyDaBM3trywAAUYPhOzvZbk+q:CSt5a8z5bf3raZxdaAa

    Score
    1/10

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic            Technique                            ID      Count
  Persistence       Registry Run Keys / Startup Folder   T1060   2
  Defense Evasion   File Permissions Modification        T1222   1
  Defense Evasion   Modify Registry                      T1112   3
  Defense Evasion   Install Root Certificate             T1130   1
  Discovery         Query Registry                       T1012   6
  Discovery         System Information Discovery         T1082   6
  Discovery         Peripheral Device Discovery          T1120   2

Tasks