a4810c4198d358bdc789a22e52fd86cb49cb9f7585f62215c6b9d0797b55113a | Triage

Submit
Reports

Overview

overview

Static

static

1

node-v10.13.0-x64.msi

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

node-v10.13.0-x64.msi
Size

16.5MB
Sample

230721-w1nfgsge78
MD5

3ac0c510b77e248b8b154b06ae90a49d
SHA1

1d368138c11c3ba2fc1243912c5fdefcc7116548
SHA256

a4810c4198d358bdc789a22e52fd86cb49cb9f7585f62215c6b9d0797b55113a
SHA512

2590a64550574ebaac0e2bbb954a7f8ef7382a9c33b62eb9c78f88b80af3c290637aea8c337c5bf55188a92349554a053aca58c2577701d92021d2b9da9694a1
SSDEEP

393216:wNIrxbb+hhXFSHPOMK1MXIAb2DmKB+wV+AI:wWx/+hxFS2M6jDmk+wV+AI

Score

10^/10

discovery persistence

Static task

static1

Behavioral task

behavioral1

Sample

node-v10.13.0-x64.msi

Resource

win10v2004-20230703-en

discovery persistence

windows10-2004-x64

25 signatures

1200 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://boxstarter.org/bootstrapper.ps1

Targets

- Target
  
  node-v10.13.0-x64.msi
- Size
  
  16.5MB
- MD5
  
  3ac0c510b77e248b8b154b06ae90a49d
- SHA1
  
  1d368138c11c3ba2fc1243912c5fdefcc7116548
- SHA256
  
  a4810c4198d358bdc789a22e52fd86cb49cb9f7585f62215c6b9d0797b55113a
- SHA512
  
  2590a64550574ebaac0e2bbb954a7f8ef7382a9c33b62eb9c78f88b80af3c290637aea8c337c5bf55188a92349554a053aca58c2577701d92021d2b9da9694a1
- SSDEEP
  
  393216:wNIrxbb+hhXFSHPOMK1MXIAb2DmKB+wV+AI:wWx/+hxFS2M6jDmk+wV+AI
Score

10^/10

discovery persistence
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

© 2018-2025

Terms | Privacy