4da5c99755138be6f7f6080c93b8d9262120dfef363092edef5c11f90f9d06a0

Sharing

Copy URL

Twitter E-mail

General

Target

OINSTALL.EXE
Size

11.8MB
Sample

231006-j3rjpshh7w
MD5

ed1210b3c515ccdc89c8c919ace0d5c7
SHA1

98ad0c0de859178532ace50c5a3219f7326074f8
SHA256

4da5c99755138be6f7f6080c93b8d9262120dfef363092edef5c11f90f9d06a0
SHA512

c65f72871d819c3d9ed8c429dde870e20a284bb958cb376d7535f4e4749122d274121f836543626bdfd7f9fce227161310ef61034fc9b3f9a0a0788b7071f663
SSDEEP

196608:MxvDEJlrJ/3FMC7ujFXIDelqWRlrZOn+F2lEORWONUzoUz1SmEB9CI4J1GvrzkdN:Ww/3FMRN6el9rInQsAkUz1HOkyki+oA

Score

10^/10

upx

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32.cab

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32.cab

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32.cab

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32.cab

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/16.0.16827.20130/i640.cab

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/16.0.16827.20130/i641033.cab

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32.cab

Targets

- Target
  
  OINSTALL.EXE
- Size
  
  11.8MB
- MD5
  
  ed1210b3c515ccdc89c8c919ace0d5c7
- SHA1
  
  98ad0c0de859178532ace50c5a3219f7326074f8
- SHA256
  
  4da5c99755138be6f7f6080c93b8d9262120dfef363092edef5c11f90f9d06a0
- SHA512
  
  c65f72871d819c3d9ed8c429dde870e20a284bb958cb376d7535f4e4749122d274121f836543626bdfd7f9fce227161310ef61034fc9b3f9a0a0788b7071f663
- SSDEEP
  
  196608:MxvDEJlrJ/3FMC7ujFXIDelqWRlrZOn+F2lEORWONUzoUz1SmEB9CI4J1GvrzkdN:Ww/3FMRN6el9rInQsAkUz1HOkyki+oA
Score

10^/10

upx
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Targets

Blocklisted process makes network request

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2