2fb92cd068f5f815efed191c0f238889ef0fbe015e11c7449ee5d083c0e133d7 | Triage

Sharing

General

Target

numuki-browser-web-setup.exe
Size

645KB
Sample

230512-xzfjxsgd8t
MD5

d5597d608723bc160bdef0be231c4df0
SHA1

2f1b489918025bf7f7e6e5e076aebb0d3e3c17fd
SHA256

2fb92cd068f5f815efed191c0f238889ef0fbe015e11c7449ee5d083c0e133d7
SHA512

d841cef9442422781e151eda8d003412ba8d2dd7b43558a45134eefc44520fd7eb1b6c0290ff81bd5f9ac787418a9baf46846ed8951ef582105d0351196ad8e6
SSDEEP

12288:Jgb1A7RKaDPNKT1zH3ptaR1sDfOQSvJqFZ6zMg1pPk:Jgb1iMaDu173pG1szLSvJwynzPk

Score

8^/10

discovery

Malware Config

Targets

- Target
  
  numuki-browser-web-setup.exe
- Size
  
  645KB
- MD5
  
  d5597d608723bc160bdef0be231c4df0
- SHA1
  
  2f1b489918025bf7f7e6e5e076aebb0d3e3c17fd
- SHA256
  
  2fb92cd068f5f815efed191c0f238889ef0fbe015e11c7449ee5d083c0e133d7
- SHA512
  
  d841cef9442422781e151eda8d003412ba8d2dd7b43558a45134eefc44520fd7eb1b6c0290ff81bd5f9ac787418a9baf46846ed8951ef582105d0351196ad8e6
- SSDEEP
  
  12288:Jgb1A7RKaDPNKT1zH3ptaR1sDfOQSvJqFZ6zMg1pPk:Jgb1iMaDu173pG1szLSvJwynzPk
Score

8^/10

discovery
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2