General

  • Target

    OpenVPN-2.6.4-I001-amd64.msi

  • Size

    4.9MB

  • Sample

    230518-v87nnacb3s

  • MD5

    131ba8af1685387212eb6c7efe99f677

  • SHA1

    6d1b3c2157ad886c7b6a5945115320cbca07ab11

  • SHA256

    4539689a6571c98a190bceee43f67d92895a409213fc0a0ca6aa8a6e292ad4c6

  • SHA512

    25184bd969aed644e742b51989dad00af0443ee7228caa1a5204f06504a79189f9f19eb8e17b130bed0ef9bb81654056338042ea447ded4e378509a7e3f9ff2a

  • SSDEEP

    98304:+5LYNDTRwKPCLTHyx0Zw1plQ/QNwOrCNnk+OW9ykzYjXy:Q8JMTHgUAfiOraTOWkgYu

Score
8/10

Targets

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Modifies Installed Components in the registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
