Resubmissions

10-03-2024 22:00

240310-1w1x8sch9x 8

10-03-2024 21:39

240310-1h5n9scf6s 6

10-03-2024 20:24

240310-y6vsvsbf5t 8

General

  • Target

    Modrinth App_0.6.3_x64_en-US.msi

  • Size

    7.9MB

  • Sample

    240310-y6vsvsbf5t

  • MD5

    d95ca69045ee6c82c627dc8df9d862a4

  • SHA1

    cc4f1c221d62c7480a732a5ed33f66f0fbe5c871

  • SHA256

    0893966473603deecbbfc6afa54aff221c12442840506bdbe7b99e688e27fac9

  • SHA512

    acc5d781b803e34a7a8f8edda150bce0de0b0a31b4cfa82ca142460faf835d8cf9d297b236b0a8ae44b9c94184643b8bda5e2cd783b522eeb321c5f3bce9cee4

  • SSDEEP

    196608:jgVzBx4Ei4XNCud3TT+iYKJ+OkkKsmodF8bx:s94AXjT61K8O1Ksmob8b

Malware Config

Targets

    • Target

      Modrinth App_0.6.3_x64_en-US.msi

    • Size

      7.9MB

    • MD5

      d95ca69045ee6c82c627dc8df9d862a4

    • SHA1

      cc4f1c221d62c7480a732a5ed33f66f0fbe5c871

    • SHA256

      0893966473603deecbbfc6afa54aff221c12442840506bdbe7b99e688e27fac9

    • SHA512

      acc5d781b803e34a7a8f8edda150bce0de0b0a31b4cfa82ca142460faf835d8cf9d297b236b0a8ae44b9c94184643b8bda5e2cd783b522eeb321c5f3bce9cee4

    • SSDEEP

      196608:jgVzBx4Ei4XNCud3TT+iYKJ+OkkKsmodF8bx:s94AXjT61K8O1Ksmob8b

    • Blocklisted process makes network request

    • Checks whether UAC is enabled

    • Downloads MZ/PE file

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks