General

  • Target

    SharewareOnSale_Giveaway_64-bit_Ant_Download_Manager_PRO.exe

  • Size

    62.9MB

  • Sample

    240223-k6vafaea9y

  • MD5

    1eaf142855f2a9455570b0238eda5d6c

  • SHA1

    c0099ad2cf8042d8fa4c6e85f075eb390543d32a

  • SHA256

    329d465c49f2c9e4bda7d1c8b34bad50b92ffd524cc123a6109817ab023b1c19

  • SHA512

    e2a54034e98a9dbf0eabe9da733314c44a11e666725d331138510b18960b54785938f16cae0ff4921734b9db5ee924bf45188751e0512a95f6374293eaffef72

  • SSDEEP

    1572864:+YPMvZTVR3jJXINmCSc4tWm7NYskykD4q+q5fygWA6ssxSwRnB:+v9jJXINwtP7+zXD4q+4fyPVskSw

Targets

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks