General

  • Target

    TunnelBear-Installer.exe

  • Size

    144.2MB

  • Sample

    230529-hvv2gsaf5w

  • MD5

    42d02ea7377e502f2598ecc381fe0a3b

  • SHA1

    9194c5e6908480cb7feed10efb406a58bb1cc106

  • SHA256

    528fa41b114782af6d2cbda2947c73ecae5cdd971c9d12f0faceb2a2ee70ac6c

  • SHA512

    dfc569440e81b57571010710e21c24f47102f00d57c30c542d0a20f2a1d40e61a730396f0eee9c0bf7374921aa43f00bcf95098a43d282da1fcd70b14fea1137

  • SSDEEP

    3145728:M2XCodnJUxGc6XUHrNwUDhCMDIPOO0hRA9eNkdkYXyqod4ZV68:M2XCxxYX4NzYQIP0RAsIU4ZVT

Malware Config

Targets

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Modifies Installed Components in the registry

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks