Resubmissions

19-09-2023 07:10

230919-hzkfjshe77 8

19-09-2023 07:02

230919-ht5vashe64 8

General

  • Target

    EvolveClientSetup.zip

  • Size

    18.3MB

  • Sample

    230919-hzkfjshe77

  • MD5

    78bd4e275654130402a8c29771f43ff6

  • SHA1

    0541d42b8442585291dcb8157cb6f2cef01a94cc

  • SHA256

    75c7301f68dc1b27ceb6831abd85d0a14f663968e8f81f69372dece58f6558be

  • SHA512

    37e692e26b248b4d12c2a55910703b022412d7e0173d5901e67a640f44017061ba37f0582ab4ec85f80fed8eaea0ec44172cc1a24325bbe00a59b65dc7d6514e

  • SSDEEP

    393216:vpCoY4McQjI+gfC6cCRG2BoOck2NmdYsriALBsDyZqDDx1wsDOyLDxO913T1Xt6+:1icYIjvRG2BoOR2N6piiLIDDVDafCY20
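
To confirm that a file in hand is the sample this report describes, compare its digests against the ones listed above rather than trusting the filename. The following Python is an added example and is not part of the report or of the sandbox's own tooling. The REPORT_IOCS table is transcribed from the hashes above; the demo() input (the bytes b"abc", the standard FIPS 180 test vector) and the "constructed-abc" IOC entry are constructed for illustration.

```python
import hashlib
import io
import os
import tempfile

# Digests transcribed from the report: the ZIP container and the installer inside it.
REPORT_IOCS = {
    "EvolveClientSetup.zip": {
        "md5": "78bd4e275654130402a8c29771f43ff6",
        "sha1": "0541d42b8442585291dcb8157cb6f2cef01a94cc",
        "sha256": "75c7301f68dc1b27ceb6831abd85d0a14f663968e8f81f69372dece58f6558be",
    },
    "Setup_QandA.exe": {
        "md5": "351890c1d8c26ec5fe349f748255a8e6",
        "sha1": "031778efd659bf51b8ce6ea47478ce831c998ca9",
        "sha256": "4b44999b447d328624683aa2fffb48c2c0bb78a21d2e22f75f8a240ef1815cf4",
    },
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def _hash_stream(fh, chunk_size=1024 * 1024):
    # One pass over the data feeds all four hashers, in chunks, so an 18 MB
    # archive (or a multi-GB disk image) never has to fit in memory.
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data):
    return _hash_stream(io.BytesIO(data))


def hash_file(path):
    with open(path, "rb") as fh:
        return _hash_stream(fh)


def match_iocs(digests, iocs=REPORT_IOCS):
    """Names of IOC entries consistent with `digests`.

    Every algorithm both sides carry must agree (case-insensitively), and at
    least one of the shared algorithms must be SHA-256 or SHA-512, so a lone
    MD5 or SHA-1 hit never counts as identification on its own.
    """
    matches = []
    for name, entry in iocs.items():
        shared = [a for a in entry if a in digests]
        if not shared:
            continue
        agree = all(entry[a].lower() == digests[a].lower() for a in shared)
        strong = any(a in ("sha256", "sha512") for a in shared)
        if agree and strong:
            matches.append(name)
    return matches


def demo():
    """Hash a constructed temp file containing b"abc" and match it against a
    constructed IOC entry plus the report's table; returns (digests, matches)."""
    constructed = {
        "constructed-abc": {
            "md5": "900150983cd24fb0d6963f7d28e17f72",
            "sha256": "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
        }
    }
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(b"abc")
        digests = hash_file(path)
    finally:
        os.unlink(path)
    return digests, match_iocs(digests, constructed) + match_iocs(digests)


if __name__ == "__main__":
    digests, matches = demo()
    for name, value in digests.items():
        print(f"{name:7s} {value}")
    print("matches:", matches)
```

Pass `hash_file("EvolveClientSetup.zip")` to `match_iocs()` to check a real download; if the archive matches, extract it and hash the inner installer as well, since the report lists both.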

Malware Config

Targets

    • Target

      Setup_QandA.exe

    • Size

      19.9MB

    • MD5

      351890c1d8c26ec5fe349f748255a8e6

    • SHA1

      031778efd659bf51b8ce6ea47478ce831c998ca9

    • SHA256

      4b44999b447d328624683aa2fffb48c2c0bb78a21d2e22f75f8a240ef1815cf4

    • SHA512

      e8c414baf63a979bf0e1ea2ac14f85568d097f74433ad678662e6bc9c0bc68a22c175a35d0c827cb5c96e735d544d2f65fec095eccabff4753e077fbfc498ede

    • SSDEEP

      393216:/bVDe0GoxY20OFRe0ZLAZ/X253NwhcMz+NYBcnRb3g6rp8xdOVsDu8BBnYJGBYO/:/bVDe0G6YsFRe0ZLe/XW3NwcMy8cRbQ7

    • Downloads MZ/PE file

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops file in System32 directory
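
Two of the behaviours above, the Run key write and the file drop into System32, leave traces that Sysmon records on a real host (RegistryEvent ID 13 and FileCreate ID 11), so they can be turned into host detections. The registry read behind the location check and the probing of drive roots are reads, which Sysmon does not log; those need API tracing or the sandbox itself. The following Python is an added example, not part of the report or the sandbox's signature set. The events are constructed in a Sysmon-like shape, the paths, SID and file names in them (updater.exe, qanda_helper.dll) are invented, and the ATT&CK tag on the Run key rule is my own mapping.

```python
import re

# Constructed Sysmon-style events (not from the report's sandbox run), in the
# shape you would have after parsing EVTX/JSON. Two should fire, two are noise.
SAMPLE_EVENTS = [
    {   # Event 13 = RegistryEvent (value set): Run key pointing at a dropped binary
        "EventID": 13,
        "Image": r"C:\Users\u\AppData\Local\Temp\Setup_QandA.exe",
        "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
        "Details": r"C:\Users\u\AppData\Roaming\Updater\updater.exe",
    },
    {   # Event 11 = FileCreate: an installer from %TEMP% writing into System32
        "EventID": 11,
        "Image": r"C:\Users\u\AppData\Local\Temp\Setup_QandA.exe",
        "TargetFilename": r"C:\Windows\System32\qanda_helper.dll",
    },
    {   # Benign: an OS component writing under System32 is routine
        "EventID": 11,
        "Image": r"C:\Windows\System32\svchost.exe",
        "TargetFilename": r"C:\Windows\System32\config\systemprofile\AppData\x.tmp",
    },
    {   # Benign: registry write outside any autostart location
        "EventID": 13,
        "Image": r"C:\Users\u\AppData\Local\Temp\Setup_QandA.exe",
        "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\QandA\InstallPath",
        "Details": r"C:\Program Files\QandA",
    },
]

# Autostart value locations under any hive root (HKLM, HKU\<SID>, Wow6432Node ...).
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce|RunServices)\\", re.IGNORECASE)
SYSTEM32_PREFIX = "c:\\windows\\system32\\"


def image_is_os_binary(image):
    # Noise filter only, not a trust decision: a process living under C:\Windows
    # can still be malicious, but it is the normal writer of System32.
    return image.lower().startswith("c:\\windows\\")


def detect(events):
    """Return one finding per event matching a rule, in input order."""
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        image = ev.get("Image", "")
        if eid == 13 and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            findings.append({
                "rule": "run_key_persistence",   # ATT&CK T1547.001 (author's mapping)
                "image": image,
                "target": ev["TargetObject"],
                "value": ev.get("Details", ""),
            })
        elif eid == 11:
            target = ev.get("TargetFilename", "")
            if target.lower().startswith(SYSTEM32_PREFIX) and not image_is_os_binary(image):
                findings.append({
                    "rule": "system32_drop",
                    "image": image,
                    "target": target,
                    "value": "",
                })
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"{f['rule']:22s} {f['image']} -> {f['target']} {f['value']}")
```

Feed it the output of your Sysmon-to-JSON pipeline instead of SAMPLE_EVENTS; both rules key on fields that Sysmon emits by name, and the value written to the Run key is kept in the finding because that path is the next artifact to collect.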

MITRE ATT&CK Enterprise v15

Tasks