General

  • Target: LANcetChat-Installer.msi
  • Size: 42.4MB
  • Sample: 240313-mw3j6sbc9s
  • MD5: 472782de132afa90060b44aef121fc8e
  • SHA1: bc32c5ff69c8cf5eb0cd4af046ce202e1c68140c
  • SHA256: ec1b6294a2f74cfcd017ae619f95f33cb44022bc1cc1e47b52c4e1bfeb1e3f29
  • SHA512: 9b5b636c7b3a474dd08050bbbf3be9a1741d8a9a153c217f2ef23833679cf64c52cd930c6d3632d4913e106ca002574aaa987ceea25031d4bc4c754df22bf901
  • SSDEEP: 786432:nlUcyQtNtEnHNVtRyBmH1UUWp/sxdJBt454iLWDswnvfP9uJF3Li8dY:n2crLSNC8WJpEW+AwnHP9uri

Targets

    • Target: LANcetChat-Installer.msi (42.4MB; hashes as listed under General)

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Blocklisted process makes network request

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger
