Resubmissions

22-03-2024 16:02    240322-tg6fvafg7v    8

22-03-2024 15:59    240322-te6ntsfg4v    8

General

  • Target

    file_f193177c54774b64911bda96bd0e7afe_2024-03-22_15_42_42_589000.zip

  • Size

    1.7MB

  • Sample

    240322-tg6fvafg7v

  • MD5

    64048182254d24af1630a8e1673db039

  • SHA1

    9ca424ce04354f961c6a3fc529156c5cd73d34d8

  • SHA256

    ab882b85082ec2bb88b8e445682cddd5d01acd5221a6234121c3dd03128f950c

  • SHA512

    d89dbd17b700346c63f209773257126f232900b3be4da6ccc0a3f7b68f08c7bb6045a44f63b168093e99d87ace0ddf0d2754146db38f1691ec5eef330f6bb2a6

  • SSDEEP

    49152:QY1/kgbdodti4yqAb58T/G7+lDUbO78FQMZXwGW/:Qu/kbti4yqAln7+lDUbUXAwB

Malware Config

Targets

    • Target

      entry_1_0/ConvertPDF_47314555.msi

    • Size

      4.0MB

    • MD5

      f7064f3abf27dc4ce190de6a52fa829b

    • SHA1

      2b84fc41ad585de7438f101ff3313804a50f2491

    • SHA256

      6a93034984b4eb700cc992dd411b1d69a5a8d23bf373a3ec8bdcc49b41188bbc

    • SHA512

      acc4d803b5b71587b401b3ebed58207648356b0d6b678bda2b93885758f62418d8af91a6b9f2755fd2ca18fd9cd49e61967781ac96246027133495d4487ee475

    • SSDEEP

      49152:ByP6leHBG5q7vj6f4dCItiGS5oW8XlT45HqhpP9gY0dB0lAwvI/oSrlpVYnaQhOH:Bplehu+WaiBrk2gBDCtaN

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Adds Run key to start application

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • Boot or Logon Autostart Execution: T1547 (2)

  • Registry Run Keys / Startup Folder: T1547.001 (2)

Privilege Escalation

  • Boot or Logon Autostart Execution: T1547 (2)

  • Registry Run Keys / Startup Folder: T1547.001 (2)

Defense Evasion

  • Modify Registry: T1112 (1)

Credential Access

  • Unsecured Credentials: T1552 (1)

  • Credentials In Files: T1552.001 (1)

Discovery

  • Query Registry: T1012 (5)

  • Peripheral Device Discovery: T1120 (2)

  • System Information Discovery: T1082 (5)

Collection

  • Data from Local System: T1005 (1)