General

  • Target

    RazerCortexInstaller.exe

  • Size

    8.6MB

  • Sample

    240208-yb432sbf45

  • MD5

    cc42f16541090d229cd4f694e3c12dda

  • SHA1

    e730aadead56ec9b91e8887b67c4f5b683997c30

  • SHA256

    772657670015a4f966f586b8ff157892c75cda6d7b3e5446b43e7e87366768e7

  • SHA512

    603d8584d797cae3de7d3ee90e692c2f34c187c375554da0a92a173c9cf82403471a17e5c1b831db609b6492e7965c83f23c07036b73ca8504d0ca9b3ef63297

  • SSDEEP

    196608:gvQO/26iZrVG5Jf808zwUIvP4Btk3CDHKhiBm4omLvorU:sQO/DEkf8xzw734BtnSCmlmDT

Malware Config

Targets

    • Target

      RazerCortexInstaller.exe

    • Detected Google phishing page

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks