General
Target: SetPoint6.70.55_64.exe
Size: 82.9MB
Sample: 230524-ndxrmscb86
MD5: 06bf23496c4a9282b20d17d441efe515
SHA1: 44bb6537139d796dfa9299d76585c1501ce27aad
SHA256: 77d4f313f4112bbb6d414804d71810af918ab4ef71f55dabc2007b4086cb7bde
SHA512: 02178c5f91d714b0bdba418eca8f118fec45a5f18de291569b6825426b8e18d1d8295d715b8f9c02fa2edfb42e6e77ee7f5494b60633730451198b41036312b4
SSDEEP: 1572864:4QQZjiEszI9fiqE8lE2a6BKGszGzAQy+XlPM7dyoXM0ap3iIb0VAgSbCb9Z22H5P:OZjnSI9f68ljBKHS06XFM7dyxpSIb0Oy
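Before acting on this report, confirm that the copy of the installer you hold is byte-for-byte the file the sandbox analysed. The following is an added example, not part of the report: it streams the file through MD5, SHA1, SHA256 and SHA512 in one pass and compares the digests with the values recorded above. The file path is an assumption; SSDEEP is a fuzzy hash with no hashlib equivalent and is not checked here.

```python
"""Verify a local copy of the sample against the digests recorded in the report.

Added example, not part of the sandbox report. The digests below are copied
from the General section; SAMPLE_PATH is an assumed location for a local copy.
"""
import hashlib
from pathlib import Path

# Digests taken verbatim from the report's General section.
REPORTED = {
    "md5": "06bf23496c4a9282b20d17d441efe515",
    "sha1": "44bb6537139d796dfa9299d76585c1501ce27aad",
    "sha256": "77d4f313f4112bbb6d414804d71810af918ab4ef71f55dabc2007b4086cb7bde",
    "sha512": "02178c5f91d714b0bdba418eca8f118fec45a5f18de291569b6825426b8e18d1d8295d715b8f9c02fa2edfb42e6e77ee7f5494b60633730451198b41036312b4",
}
SAMPLE_PATH = Path("SetPoint6.70.55_64.exe")  # assumed location of the local copy


def hash_stream(chunks, algorithms=tuple(REPORTED)):
    """Feed every chunk to every hasher so the input is read only once."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for block in chunks:
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data, algorithms=tuple(REPORTED)):
    """Convenience wrapper for in-memory data (used by the tests)."""
    return hash_stream([data], algorithms)


def hash_file(path, algorithms=tuple(REPORTED), chunk_size=1 << 20):
    """Stream the file in 1 MiB chunks; an 83 MB installer need not fit in memory."""
    with open(path, "rb") as fh:
        return hash_stream(iter(lambda: fh.read(chunk_size), b""), algorithms)


def compare(computed, reported=REPORTED):
    """Return (all_match, {algorithm: matched}).

    Hex case is normalised; an algorithm missing from `computed` counts as a
    mismatch rather than being silently skipped.
    """
    results = {
        name: computed.get(name, "").lower() == digest.lower()
        for name, digest in reported.items()
    }
    return all(results.values()), results


if __name__ == "__main__":
    if not SAMPLE_PATH.is_file():
        raise SystemExit(f"{SAMPLE_PATH} not found; place the sample next to this script")
    ok, detail = compare(hash_file(SAMPLE_PATH))
    for name, matched in detail.items():
        print(f"{name:6} {'match' if matched else 'MISMATCH'}")
    print("same file as analysed" if ok else "different file; this report does not describe it")
```

A single mismatching digest is enough to reject the file: a different build of the installer, a trojanised copy or a truncated download will all fail here, and none of the behaviour below can be assumed to apply to it.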
Static task: static1
Behavioral task: behavioral1
Sample: SetPoint6.70.55_64.exe
Resource: win7-20230220-en
Malware Config: none extracted
Targets
Target: SetPoint6.70.55_64.exe
Size: 82.9MB
Hashes: MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above.
Score: 8/10 (heuristic score derived from the signature hits below, not a verdict; several of the hits, such as the Run key, the dropped DLLs and the System32 writes, are also ordinary behaviour for a hardware-driver installer, so check the binary's publisher signature before treating it as malicious)

Signatures
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Registers COM server for autorun
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Modifies WinLogon
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v6 (numbers are signature hits mapped to each technique)
Persistence
- Browser Extensions: 1
- Registry Run Keys / Startup Folder: 2
- Winlogon Helper DLL: 1
Defense Evasion
- File and Directory Permissions Modification: 1
- Install Root Certificate: 1
- Modify Registry: 5