General

  • Target

    DSinstaller-1.1.2.exe

  • Size

    19KB

  • Sample

    230930-x1mdvseh7w

  • MD5

    8383b65992dfaf0dcd5f2ee9bfd15fa3

  • SHA1

    f504254703fff74996286859814357a2bce77c48

  • SHA256

    22114a6be48713752b52e42717e0eefb828ee81280c7e2d81367b78ed7bc44fc

  • SHA512

    ff93dbbf5a68dcd246967bef78bfdb750a86ba60e687a9eb2c0dcd067f2672c182149a3c2215def7ade973c55b7e4eb3e18886a02dcd1608210896a37a3fe1d3

  • SSDEEP

    384:0eipt2Nem91+6/I15zMSY0Ix89ZummdHw2r0Sv3P:0491Q15SxWZummdHbr3v/

Score
10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs (exe.dropper):

    https://raw.githubusercontent.com/canarddu38/DUCKSPLOIT/root/hacker/windows/versions/ds-1.1-beta.exe

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs (exe.dropper):

    https://raw.githubusercontent.com/canarddu38/DUCKSPLOIT/root/hacker/windows/Mono.Nat.dll

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs (exe.dropper):

    https://github.com/canarddu38/DUCKSPLOIT/raw/root/hacker/windows/version.txt

Targets

    • Target

      DSinstaller-1.1.2.exe

    • Size

      19KB

    • MD5

      8383b65992dfaf0dcd5f2ee9bfd15fa3

    • SHA1

      f504254703fff74996286859814357a2bce77c48

    • SHA256

      22114a6be48713752b52e42717e0eefb828ee81280c7e2d81367b78ed7bc44fc

    • SHA512

      ff93dbbf5a68dcd246967bef78bfdb750a86ba60e687a9eb2c0dcd067f2672c182149a3c2215def7ade973c55b7e4eb3e18886a02dcd1608210896a37a3fe1d3

    • SSDEEP

      384:0eipt2Nem91+6/I15zMSY0Ix89ZummdHw2r0Sv3P:0491Q15SxWZummdHbr3v/

    Score
    10/10
    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory
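The three URLs extracted from the ps1 dropper above, together with the "Downloads MZ/PE file" and "Legitimate hosting services abused for malware hosting/C2" signatures, are the actionable output of this report. The helper below is an added example (not the sandbox's code and not code from the DUCKSPLOIT repository) that turns those URLs into IOCs a responder can act on: it parses both GitHub raw-download URL forms, flags which payloads are PE files by extension, and checks whether every download sits on a hosting service that cannot sensibly be blocked by domain alone, so the repository path is the indicator to use. It also verifies a local file against the hashes listed in the report. The function names, the LEGIT_HOSTING set and the PE extension list are this example's own assumptions; the URL list and hashes are copied from the report.

```python
"""Added triage helper: extracted-URL IOCs and hash verification for this report."""
import hashlib
from urllib.parse import urlparse

# Copied from the report's Malware Config section (exe.dropper URLs).
EXTRACTED_URLS = [
    "https://raw.githubusercontent.com/canarddu38/DUCKSPLOIT/root/hacker/windows/versions/ds-1.1-beta.exe",
    "https://raw.githubusercontent.com/canarddu38/DUCKSPLOIT/root/hacker/windows/Mono.Nat.dll",
    "https://github.com/canarddu38/DUCKSPLOIT/raw/root/hacker/windows/version.txt",
]

# Copied from the report's General section.
REPORT_HASHES = {
    "md5": "8383b65992dfaf0dcd5f2ee9bfd15fa3",
    "sha1": "f504254703fff74996286859814357a2bce77c48",
    "sha256": "22114a6be48713752b52e42717e0eefb828ee81280c7e2d81367b78ed7bc44fc",
    "sha512": "ff93dbbf5a68dcd246967bef78bfdb750a86ba60e687a9eb2c0dcd067f2672c1"
              "82149a3c2215def7ade973c55b7e4eb3e18886a02dcd1608210896a37a3fe1d3",
}

# Assumption of this example: hosts where blocking the domain is not an option,
# so the repository path, not the host, is the indicator worth sharing.
LEGIT_HOSTING = {"raw.githubusercontent.com", "github.com"}
PE_EXTENSIONS = {".exe", ".dll", ".scr", ".sys"}


def parse_github_raw(url):
    """Return (owner, repo, ref, path) for either GitHub raw-download URL form, else None.

    raw.githubusercontent.com/<owner>/<repo>/<ref>/<path>
    github.com/<owner>/<repo>/raw/<ref>/<path>
    """
    u = urlparse(url)
    parts = u.path.strip("/").split("/")
    if u.hostname == "raw.githubusercontent.com" and len(parts) >= 4:
        owner, repo, ref = parts[:3]
        return owner, repo, ref, "/".join(parts[3:])
    if u.hostname == "github.com" and len(parts) >= 5 and parts[2] == "raw":
        owner, repo, _, ref = parts[:4]
        return owner, repo, ref, "/".join(parts[4:])
    return None


def classify_url(url):
    """Describe one extracted URL: host, file name, PE-or-not, hosting abuse, repo."""
    u = urlparse(url)
    filename = u.path.rsplit("/", 1)[-1]
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    gh = parse_github_raw(url)
    return {
        "url": url,
        "host": u.hostname,
        "filename": filename,
        "is_pe_payload": ext in PE_EXTENSIONS,
        "legit_hosting_abuse": u.hostname in LEGIT_HOSTING,
        "repo": f"{gh[0]}/{gh[1]}" if gh else None,
        "ref": gh[2] if gh else None,
    }


def build_iocs(urls):
    """Classify every URL and summarise the indicators a responder should act on."""
    iocs = [classify_url(u) for u in urls]
    summary = {
        "repos": sorted({i["repo"] for i in iocs if i["repo"]}),
        "pe_payloads": [i["filename"] for i in iocs if i["is_pe_payload"]],
        "hosts": sorted({i["host"] for i in iocs}),
        "all_on_legit_hosting": all(i["legit_hosting_abuse"] for i in iocs),
    }
    return iocs, summary


def check_hashes(data, expected=REPORT_HASHES):
    """Return the names of the algorithms whose digest of `data` differs from the report."""
    return [alg for alg, want in expected.items()
            if hashlib.new(alg, data).hexdigest() != want]


def matches_report(data):
    """True only if every hash listed in the report matches `data`."""
    return check_hashes(data) == []


if __name__ == "__main__":
    _, summary = build_iocs(EXTRACTED_URLS)
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Because every download here is served from GitHub, the block-worthy indicator is the repository `canarddu38/DUCKSPLOIT` (and the `root` ref) rather than the host; `matches_report` lets you confirm that a file pulled from an endpoint is this exact 19KB installer before attributing the rest of the behaviour to it.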

MITRE ATT&CK Enterprise v15

Tasks