f43a3e6eef805925d8c3d5bdbe6aa1848bb5b4d8fca55c1e7e291e20c6a10c92

Resubmissions

25/01/2024, 17:56

240125-wjgavacbh5 7

Sharing

Copy URL Twitter E-mail

General

Target

portmaster-installer.exe
Size

6.2MB
Sample

240125-wjgavacbh5
MD5

6a1673929b17a59e4b26c1bd00b92e6d
SHA1

93e6d222c35fc77a0f013db152bbbd71f8065d2d
SHA256

f43a3e6eef805925d8c3d5bdbe6aa1848bb5b4d8fca55c1e7e291e20c6a10c92
SHA512

9806ee915cfbd6c29aa78ab27ef674567709f618e2351cdf9dc78e48c70113037c3fa8564174b23144b5eaa43a9567323dfd2a91415551910617b8d5ff438c24
SSDEEP

196608:08I09Mb8d/Mi3W3J6sIsgeEwOQo8pgjLs:5Iy/MmW38ZsgeEwNWjLs

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  portmaster-installer.exe
- Size
  
  6.2MB
- MD5
  
  6a1673929b17a59e4b26c1bd00b92e6d
- SHA1
  
  93e6d222c35fc77a0f013db152bbbd71f8065d2d
- SHA256
  
  f43a3e6eef805925d8c3d5bdbe6aa1848bb5b4d8fca55c1e7e291e20c6a10c92
- SHA512
  
  9806ee915cfbd6c29aa78ab27ef674567709f618e2351cdf9dc78e48c70113037c3fa8564174b23144b5eaa43a9567323dfd2a91415551910617b8d5ff438c24
- SSDEEP
  
  196608:08I09Mb8d/Mi3W3J6sIsgeEwOQo8pgjLs:5Iy/MmW38ZsgeEwNWjLs
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  8cf2ac271d7679b1d68eefc1ae0c5618
- SHA1
  
  7cc1caaa747ee16dc894a600a4256f64fa65a9b8
- SHA256
  
  6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba
- SHA512
  
  ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3
- SSDEEP
  
  192:BenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XB9IwL:B8+Qlt70Fj/lQRY/9VjjlL
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/modern-header.bmp
- Size
  
  9KB
- MD5
  
  940c56737bf9bb69ce7a31c623d4e87a
- SHA1
  
  f2f3b4e7b9c28df6687ceeaed300a793e3bac445
- SHA256
  
  766a893fe962aefd27c574cb05f25cf895d3fc70a00db5a6fa73d573f571aefc
- SHA512
  
  81c60431619d7eb826b8da997c227c4f7077cc754caa15df6e0e7ae0e33690432bc2a27a7e295998f15e33a17b3d80e492d7cc09fd70dc43daf1cfe86b8746ff
- SSDEEP
  
  192:TYw3C/LSnMoejFXnknIHbGoijTr3dBZ9KPPsnY/T0x9j:TY3LSnlepnknIHKoUrdBZ9uPsY/Ix9j
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/modern-wizard.bmp
- Size
  
  25KB
- MD5
  
  cbe40fd2b1ec96daedc65da172d90022
- SHA1
  
  366c216220aa4329dff6c485fd0e9b0f4f0a7944
- SHA256
  
  3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2
- SHA512
  
  62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63
- SSDEEP
  
  24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  ec9640b70e07141febbe2cd4cc42510f
- SHA1
  
  64a5e4b90e5fe62aa40e7ac9e16342ed066f0306
- SHA256
  
  c5ba017732597a82f695b084d1aa7fe3b356168cc66105b9392a9c5b06be5188
- SHA512
  
  47605b217313c7fe6ce3e9a65da156a2fba8d91e4ed23731d3c5e432dd048ff5c8f9ae8bb85a6a39e1eac4e1b6a22862aa72d3b1b1c8255858997cdd4db5d1fe
- SSDEEP
  
  192:oRsHeylO012En8pqHtcE0PuAgkOyPIFc:sATI0d8pUP0WAgkBPIFc
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  7KB
- MD5
  
  f27689c513e7d12c7c974d5f8ef710d6
- SHA1
  
  e305f2a2898d765a64c82c449dfb528665b4a892
- SHA256
  
  1f18f4126124b0551f3dbcd0fec7f34026f930ca509f04435657cedc32ae8c47
- SHA512
  
  734e9f3989ee47a86bee16838df7a09353c7fe085a09d77e70d281b21c5477b0b061616e72e8ac8fcb3dda1df0d5152f54dcc4c5a77f90fbf0f857557bf02fbc
- SSDEEP
  
  96:JpmkmwmHDPVhklfSoRPB+YSvWvZckH69MSz00vQFHhAVvSGYuHnUNy2DCP:J+PVhYfSokvW2CsQFBAVaGdHnUNR
Score

3^/10
behavioral11 behavioral12
- Target
  
  portmaster-start.exe
- Size
  
  12.4MB
- MD5
  
  b3a42120e87026f23babfe1476adbd0b
- SHA1
  
  a5b95f933bedc2c6a051d6e94b3f5d22283927ae
- SHA256
  
  93183497329e05da3a0e4aa0b5c10c0001ff4455915e7a1d32cd931bd47d57bc
- SHA512
  
  6c44b12caf28eeeafc5aea469a389395f07c631dec436268de137eb966d2e2ea373d414021c6015b05d2f2c8453fdac20ef41a1b366b99fddeef29b78974edfe
- SSDEEP
  
  98304:m7u60IfsKQK18rXWpE/3Y+/+OjJ8l4PDtjkr8BoJ3U0u9xGQF6zy:ma3rXWq/1+Ow47t7BoJ3mTJYm
Score

1^/10
behavioral13 behavioral14
- Target
  
  portmaster-uninstaller.exe
- Size
  
  483KB
- MD5
  
  93e8320c7d1369b328afbd5a7657c00b
- SHA1
  
  6276a350d50b4a2e9a7c0c0f3d9714a311eed216
- SHA256
  
  d1db2001ec0bfdbb97baa7d30facff5ee74c878a0f092ac128dbb81804d48f81
- SHA512
  
  736985639aa5c90b1e5cbf5dfec702fc0f955a536eb40abaf4c5e01781468e597f3c14f177cbb3877bb044c760bfe6ab068c25bc056a02f6eae032f870976610
- SSDEEP
  
  6144:llHXSZ8a+FdfOwRmT/WnAH9HPI9oPN8CM:U8GeAH9Hg9ol7M
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  8cf2ac271d7679b1d68eefc1ae0c5618
- SHA1
  
  7cc1caaa747ee16dc894a600a4256f64fa65a9b8
- SHA256
  
  6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba
- SHA512
  
  ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3
- SSDEEP
  
  192:BenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XB9IwL:B8+Qlt70Fj/lQRY/9VjjlL
Score

3^/10
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/modern-header.bmp
- Size
  
  9KB
- MD5
  
  940c56737bf9bb69ce7a31c623d4e87a
- SHA1
  
  f2f3b4e7b9c28df6687ceeaed300a793e3bac445
- SHA256
  
  766a893fe962aefd27c574cb05f25cf895d3fc70a00db5a6fa73d573f571aefc
- SHA512
  
  81c60431619d7eb826b8da997c227c4f7077cc754caa15df6e0e7ae0e33690432bc2a27a7e295998f15e33a17b3d80e492d7cc09fd70dc43daf1cfe86b8746ff
- SSDEEP
  
  192:TYw3C/LSnMoejFXnknIHbGoijTr3dBZ9KPPsnY/T0x9j:TY3LSnlepnknIHKoUrdBZ9uPsY/Ix9j
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/modern-wizard.bmp
- Size
  
  25KB
- MD5
  
  cbe40fd2b1ec96daedc65da172d90022
- SHA1
  
  366c216220aa4329dff6c485fd0e9b0f4f0a7944
- SHA256
  
  3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2
- SHA512
  
  62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63
- SSDEEP
  
  24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral21 behavioral22
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  ec9640b70e07141febbe2cd4cc42510f
- SHA1
  
  64a5e4b90e5fe62aa40e7ac9e16342ed066f0306
- SHA256
  
  c5ba017732597a82f695b084d1aa7fe3b356168cc66105b9392a9c5b06be5188
- SHA512
  
  47605b217313c7fe6ce3e9a65da156a2fba8d91e4ed23731d3c5e432dd048ff5c8f9ae8bb85a6a39e1eac4e1b6a22862aa72d3b1b1c8255858997cdd4db5d1fe
- SSDEEP
  
  192:oRsHeylO012En8pqHtcE0PuAgkOyPIFc:sATI0d8pUP0WAgkBPIFc
Score

3^/10
behavioral23 behavioral24
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  7KB
- MD5
  
  f27689c513e7d12c7c974d5f8ef710d6
- SHA1
  
  e305f2a2898d765a64c82c449dfb528665b4a892
- SHA256
  
  1f18f4126124b0551f3dbcd0fec7f34026f930ca509f04435657cedc32ae8c47
- SHA512
  
  734e9f3989ee47a86bee16838df7a09353c7fe085a09d77e70d281b21c5477b0b061616e72e8ac8fcb3dda1df0d5152f54dcc4c5a77f90fbf0f857557bf02fbc
- SSDEEP
  
  96:JpmkmwmHDPVhklfSoRPB+YSvWvZckH69MSz00vQFHhAVvSGYuHnUNy2DCP:J+PVhYfSokvW2CsQFBAVaGdHnUNR
Score

3^/10
behavioral25 behavioral26
- Target
  
  portmaster.ico
- Size
  
  108KB
- MD5
  
  b637bbf15cf3f22995146e55dd85e55e
- SHA1
  
  c42cd799bacd4a3410fe1d364b9f8acb2f972de2
- SHA256
  
  21f8b6b32a10d40eeffef74924c04e4bf01e5407111926ab0460d7099194d82e
- SHA512
  
  1459655b5ea0e67aff7ab5a821edb65687d4f96f065532514ec374210628fbbd08e885dd5c25c6c88fb7c81947a245e1cce08058623d25e0e0f493ca347b6900
- SSDEEP
  
  768:GJYDxN7i4jcw6ob3AaM0LNovFpptMHpCLs90Wosskvc:EObI8CLYmk0
Score

3^/10
behavioral27 behavioral28

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Checks computer location settings

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Checks computer location settings

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28