General

Target: irocket-locspoof_setup.exe...zip
Size: 3.1MB
Sample: 240312-pgmlhsae32
MD5: 6543e243a4a2ffd960a2a137eee72520
SHA1: 420c6d1b237fd3ed94ab2e1f41738932c753a4fa
SHA256: 5a4910478aa63cb878997fede6c3590473cc697418cb28740abefdcb571888b4
SHA512: 4c4c8b2a3f7152cdd9914a3713c8f29d277dd13f0d1b6ccbaa453e382718ab31f1d3b21253996cdd2174c9cf6a4cb9b7e292886fddd37d63905d4eace7ce9678
SSDEEP: 98304:HNEPrvdqagLKcHpf2ChFGNn03lq40gqvjkue:H2bMaST52Cho03w4vqvIL

Static task: static1

Behavioral task: behavioral1
Sample: irocket-locspoof_setup.exe
Resource: win11-20240221-en

Malware Config

Targets

Target: irocket-locspoof_setup.exe
Size: 3.6MB
MD5: fb06435ec9fdc2014eab614966456c68
SHA1: dc2278c2a76e96ead86652bd078652f951fa748c
SHA256: 8234e430b789faf9f2ba65bfa2cb26b74f8784ec3203742108dbede48e6e4ed5
SHA512: c5c70f994c0edaecf8c04439f83cf8a585e2670c44ef67dc8a9c6c21f56dad911f38d9704224800060470a5272bcf5dc9c2f62ff574907bab6d64c9486688314
SSDEEP: 49152:t55eRaIPFApOazYVMfG/IuqvMZ68fEciAHdz/pdSwP0Aro5UlEkGcvg1x0ldVOQ:f5eRaiSZg/B5d0A3VT

Score: 10/10

- Modifies firewall policy service
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)

Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)

Defense Evasion
- Modify Registry (3)
- Subvert Trust Controls (1)
  - Install Root Certificate (1)