General

  • Target

    jre-8u361-windows-x64.exe

  • Size

    62.1MB

  • Sample

    230327-xkm1fseh23

  • MD5

    e70de386ebc763932a181fc37a2ad042

  • SHA1

    18e76e452b289ae2fc167667b55a81b11ec2693f

  • SHA256

    419328f3a2325b1dc27f710abd73e232e9deac47915b4dba61a697b925b5b83d

  • SHA512

    a45cb9c665a867042d0d52f085d095ac774c3f9b10febd858b26d2c899f7c2b5024586156ec572be384b226a8efc44d6757bbbc920843ce58119345bea155a0d

  • SSDEEP

    1572864:UYXYUrHHqj4AY8QOl+Kx1RwayO59accVL9NJ9fM4X:UYXYUrHqxl+KxzwayFTVL99l

Malware Config

Targets

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder: T1060 (1)

    Browser Extensions: T1176 (1)

  • Defense Evasion

    Modify Registry: T1112 (3)

    Install Root Certificate: T1130 (1)

  • Discovery

    Query Registry: T1012 (2)

    Peripheral Device Discovery: T1120 (1)

    System Information Discovery: T1082 (3)

Tasks