5239a3b7491c815bc568c3bf19d21e7a69c8b2dd32958287729be5b955ed6626 | Triage

Sharing

General

Target

osu!install.exe
Size

4.3MB
Sample

230331-r71l6sag35
MD5

d7ecdc01a6a23146fad3977c8e6d5907
SHA1

9c1e6ad54c68bcd26ff7f66c1842edd3a3d77a3e
SHA256

5239a3b7491c815bc568c3bf19d21e7a69c8b2dd32958287729be5b955ed6626
SHA512

6ad8f18d93759b672baffa816bfdea30b69411a2b9b18534ecfcca7a29bfd29b1bac208d4d13e8df039b29d98b7587edffcba8717086e5143dd1fff0f22af7e4
SSDEEP

98304:7ukLsFoZM0ggZi0+VTUqHzbRmxRxpDOhe:7ukoFoJ24ie

Score

7^/10

Malware Config

Targets

- Target
  
  osu!install.exe
- Size
  
  4.3MB
- MD5
  
  d7ecdc01a6a23146fad3977c8e6d5907
- SHA1
  
  9c1e6ad54c68bcd26ff7f66c1842edd3a3d77a3e
- SHA256
  
  5239a3b7491c815bc568c3bf19d21e7a69c8b2dd32958287729be5b955ed6626
- SHA512
  
  6ad8f18d93759b672baffa816bfdea30b69411a2b9b18534ecfcca7a29bfd29b1bac208d4d13e8df039b29d98b7587edffcba8717086e5143dd1fff0f22af7e4
- SSDEEP
  
  98304:7ukLsFoZM0ggZi0+VTUqHzbRmxRxpDOhe:7ukoFoJ24ie
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2