General

  • Target

    TLauncher-2.879-Installer-1.1.0.exe

  • Size

    22.6MB

  • Sample

    230430-ng5xeshe74

  • MD5

    601b94e3b018e39e0da90881fe89156d

  • SHA1

    dc5340d6e1cb98c6ae2fa6882a4c7284e990705b

  • SHA256

    845b0953c143daf9382b38c8ac7faeef62d5298bb0191f1be60865f78a942bac

  • SHA512

    493c283aa3e201501843e59d593d82b3c98d2628639c95c977c9f22c268d89f7b072907d7b5d244fb7f122348277a97f7d68ce0ebdb36d7fc479c5f3c5bd33db

  • SSDEEP

    393216:+Xj4yibrRbGPfs/dQETVlOBbpFEjdGphRqV56Hpkf+V4scTKAjENq+:+zCrRsHExi73qqHpg+Vvc+AmX

Malware Config

Targets

    • Target

      TLauncher-2.879-Installer-1.1.0.exe

    • Size

      22.6MB

    • MD5

      601b94e3b018e39e0da90881fe89156d

    • SHA1

      dc5340d6e1cb98c6ae2fa6882a4c7284e990705b

    • SHA256

      845b0953c143daf9382b38c8ac7faeef62d5298bb0191f1be60865f78a942bac

    • SHA512

      493c283aa3e201501843e59d593d82b3c98d2628639c95c977c9f22c268d89f7b072907d7b5d244fb7f122348277a97f7d68ce0ebdb36d7fc479c5f3c5bd33db

    • SSDEEP

      393216:+Xj4yibrRbGPfs/dQETVlOBbpFEjdGphRqV56Hpkf+V4scTKAjENq+:+zCrRsHExi73qqHpg+Vvc+AmX

    • BazarBackdoor

      Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

    • Bazar/Team9 Backdoor payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Registers COM server for autorun

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.