5190c4fbddb2bfd08ce4a11714ec54dcaf57978f6193720c5b2c7127ef2c5f1f

General

Target

5190c4fbddb2bfd08ce4a11714ec54dcaf57978f6193720c5b2c7127ef2c5f1f.exe
Size

141KB
MD5

e4758783b146b506e0ec42e98ad9e65c
SHA1

94eaa70c45d74a661dc660ec567c3b2bc6221144
SHA256

5190c4fbddb2bfd08ce4a11714ec54dcaf57978f6193720c5b2c7127ef2c5f1f
SHA512

5970d50bb263235b2c91547517fc5dce816462349a4aabe5cf2a5522266437b156de4dc89740df2f0cbb6e938843efef5d2ee465aad7681f32004dc21c22d7a3
SSDEEP

3072:qdxREmffv+QWp4kHfwswwjaofhPMEx56s37d+ln5IzPSF:M3EmffWSc4oxrd25I+F

Score

1^/10

Malware Config

Signatures

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

5190c4fbddb2bfd08ce4a11714ec54dcaf57978f6193720c5b2c7127ef2c5f1f.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\E6E05058C1510337F1C0D7000939C976E01E7070\Blob = 040000000100000010000000ff85d9ab4cd724af6f3d7d3fc2ef9b3b0f0000000100000020000000d730cb7433f966be0da3d990d5fada4f62bb7e629a574c25ec8f60d773cccba9030000000100000014000000e6e05058c1510337f1c0d7000939c976e01e707014000000010000001400000013e24100807a4c63e6ee6a2f4715c5e1fe0e4f142000000001000000f9020000308202f5308201dda0030201020210279870039d9b9bc93f65112ef53448e9300d06092a864886f70d01010b050030133111300f06035504031308436c6f75644e6574301e170d3234303331393137303030305a170d3239303331383137303030305a30133111300f06035504031308436c6f75644e657430820122300d06092a864886f70d01010105000382010f003082010a0282010100c661803f980f1490d14d5642db965502ee5bdc842e90c508ac6860d95bf23be740112624afc13e2d734d76fdc760cf57cf5b4f755da33b61dee9ce755e75400a63ab0e34df71050365a4e7a3f3fdc06528cc8d285658436da25190310bc288cadb49d536292016e628a33ff110fcead04ed9c8cc1db780fc88a0ed044c1f51fa24cf2b92ba486682b9f40abe75f2c96a0e44cb321dd5c89afc63453d7ce9f6b856748d1455f65cf4a3fa37980f9b54208e87cd5e30f3ee8685cb3b15b65c492b32b80c44d04e1668aa7a7e27c513d8182f10e768a9ed3810fce50ec8dfc37407512a3a61d1f637db304c1ad3a1fecc6751c0a74d0107d92b9bdb2180753e08f90203010001a3453043300e0603551d0f0101ff04040302010630120603551d130101ff040830060101ff020101301d0603551d0e0416041413e24100807a4c63e6ee6a2f4715c5e1fe0e4f14300d06092a864886f70d01010b05000382010100938fc4ca824c7894982848f91d8ae5e6b572397f8f48de443c130629162a18d42c68f899ab77ac6107a7eb1a4c05bddb063a3171a5f9f033746e65d6bc871a4f43c968e1cd59361ee4cdd58bfd79480007f7d8800d2fcf54f6b4935cdcbff8dc9855b376ce57827e94c8fd2fc42cd7a759af9c8436f5fd5506d2e4a0c64cf720d8b5292ed4e9791dfa81f7a478c822417d0626719b9b9ca8626a92c93df56638a4de6dc4ab347b26786ad7f3bf16e9fb8d285dbc20cbf32a7f8fdc3070a197d4cd98521f7f49863ce2405099b1a28c1548f339bf8b9501b87646008e131e400818daccad01c912213a60f551decf8ae553996fba160755332c1f16dbe6750f96	5190c4fbddb2bfd08ce4a11714ec54dcaf57978f6193720c5b2c7127ef2c5f1f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\E6E05058C1510337F1C0D7000939C976E01E7070\Blob = 1900000001000000100000000717199702ba7cba022ad970ba50b0b014000000010000001400000013e24100807a4c63e6ee6a2f4715c5e1fe0e4f14030000000100000014000000e6e05058c1510337f1c0d7000939c976e01e70700f0000000100000020000000d730cb7433f966be0da3d990d5fada4f62bb7e629a574c25ec8f60d773cccba9040000000100000010000000ff85d9ab4cd724af6f3d7d3fc2ef9b3b2000000001000000f9020000308202f5308201dda0030201020210279870039d9b9bc93f65112ef53448e9300d06092a864886f70d01010b050030133111300f06035504031308436c6f75644e6574301e170d3234303331393137303030305a170d3239303331383137303030305a30133111300f06035504031308436c6f75644e657430820122300d06092a864886f70d01010105000382010f003082010a0282010100c661803f980f1490d14d5642db965502ee5bdc842e90c508ac6860d95bf23be740112624afc13e2d734d76fdc760cf57cf5b4f755da33b61dee9ce755e75400a63ab0e34df71050365a4e7a3f3fdc06528cc8d285658436da25190310bc288cadb49d536292016e628a33ff110fcead04ed9c8cc1db780fc88a0ed044c1f51fa24cf2b92ba486682b9f40abe75f2c96a0e44cb321dd5c89afc63453d7ce9f6b856748d1455f65cf4a3fa37980f9b54208e87cd5e30f3ee8685cb3b15b65c492b32b80c44d04e1668aa7a7e27c513d8182f10e768a9ed3810fce50ec8dfc37407512a3a61d1f637db304c1ad3a1fecc6751c0a74d0107d92b9bdb2180753e08f90203010001a3453043300e0603551d0f0101ff04040302010630120603551d130101ff040830060101ff020101301d0603551d0e0416041413e24100807a4c63e6ee6a2f4715c5e1fe0e4f14300d06092a864886f70d01010b05000382010100938fc4ca824c7894982848f91d8ae5e6b572397f8f48de443c130629162a18d42c68f899ab77ac6107a7eb1a4c05bddb063a3171a5f9f033746e65d6bc871a4f43c968e1cd59361ee4cdd58bfd79480007f7d8800d2fcf54f6b4935cdcbff8dc9855b376ce57827e94c8fd2fc42cd7a759af9c8436f5fd5506d2e4a0c64cf720d8b5292ed4e9791dfa81f7a478c822417d0626719b9b9ca8626a92c93df56638a4de6dc4ab347b26786ad7f3bf16e9fb8d285dbc20cbf32a7f8fdc3070a197d4cd98521f7f49863ce2405099b1a28c1548f339bf8b9501b87646008e131e400818daccad01c912213a60f551decf8ae553996fba160755332c1f16dbe6750f96	5190c4fbddb2bfd08ce4a11714ec54dcaf57978f6193720c5b2c7127ef2c5f1f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\E6E05058C1510337F1C0D7000939C976E01E7070	5190c4fbddb2bfd08ce4a11714ec54dcaf57978f6193720c5b2c7127ef2c5f1f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\E6E05058C1510337F1C0D7000939C976E01E7070\Blob = 0f0000000100000020000000d730cb7433f966be0da3d990d5fada4f62bb7e629a574c25ec8f60d773cccba9030000000100000014000000e6e05058c1510337f1c0d7000939c976e01e70702000000001000000f9020000308202f5308201dda0030201020210279870039d9b9bc93f65112ef53448e9300d06092a864886f70d01010b050030133111300f06035504031308436c6f75644e6574301e170d3234303331393137303030305a170d3239303331383137303030305a30133111300f06035504031308436c6f75644e657430820122300d06092a864886f70d01010105000382010f003082010a0282010100c661803f980f1490d14d5642db965502ee5bdc842e90c508ac6860d95bf23be740112624afc13e2d734d76fdc760cf57cf5b4f755da33b61dee9ce755e75400a63ab0e34df71050365a4e7a3f3fdc06528cc8d285658436da25190310bc288cadb49d536292016e628a33ff110fcead04ed9c8cc1db780fc88a0ed044c1f51fa24cf2b92ba486682b9f40abe75f2c96a0e44cb321dd5c89afc63453d7ce9f6b856748d1455f65cf4a3fa37980f9b54208e87cd5e30f3ee8685cb3b15b65c492b32b80c44d04e1668aa7a7e27c513d8182f10e768a9ed3810fce50ec8dfc37407512a3a61d1f637db304c1ad3a1fecc6751c0a74d0107d92b9bdb2180753e08f90203010001a3453043300e0603551d0f0101ff04040302010630120603551d130101ff040830060101ff020101301d0603551d0e0416041413e24100807a4c63e6ee6a2f4715c5e1fe0e4f14300d06092a864886f70d01010b05000382010100938fc4ca824c7894982848f91d8ae5e6b572397f8f48de443c130629162a18d42c68f899ab77ac6107a7eb1a4c05bddb063a3171a5f9f033746e65d6bc871a4f43c968e1cd59361ee4cdd58bfd79480007f7d8800d2fcf54f6b4935cdcbff8dc9855b376ce57827e94c8fd2fc42cd7a759af9c8436f5fd5506d2e4a0c64cf720d8b5292ed4e9791dfa81f7a478c822417d0626719b9b9ca8626a92c93df56638a4de6dc4ab347b26786ad7f3bf16e9fb8d285dbc20cbf32a7f8fdc3070a197d4cd98521f7f49863ce2405099b1a28c1548f339bf8b9501b87646008e131e400818daccad01c912213a60f551decf8ae553996fba160755332c1f16dbe6750f96	5190c4fbddb2bfd08ce4a11714ec54dcaf57978f6193720c5b2c7127ef2c5f1f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\E6E05058C1510337F1C0D7000939C976E01E7070\Blob = 14000000010000001400000013e24100807a4c63e6ee6a2f4715c5e1fe0e4f14030000000100000014000000e6e05058c1510337f1c0d7000939c976e01e70700f0000000100000020000000d730cb7433f966be0da3d990d5fada4f62bb7e629a574c25ec8f60d773cccba92000000001000000f9020000308202f5308201dda0030201020210279870039d9b9bc93f65112ef53448e9300d06092a864886f70d01010b050030133111300f06035504031308436c6f75644e6574301e170d3234303331393137303030305a170d3239303331383137303030305a30133111300f06035504031308436c6f75644e657430820122300d06092a864886f70d01010105000382010f003082010a0282010100c661803f980f1490d14d5642db965502ee5bdc842e90c508ac6860d95bf23be740112624afc13e2d734d76fdc760cf57cf5b4f755da33b61dee9ce755e75400a63ab0e34df71050365a4e7a3f3fdc06528cc8d285658436da25190310bc288cadb49d536292016e628a33ff110fcead04ed9c8cc1db780fc88a0ed044c1f51fa24cf2b92ba486682b9f40abe75f2c96a0e44cb321dd5c89afc63453d7ce9f6b856748d1455f65cf4a3fa37980f9b54208e87cd5e30f3ee8685cb3b15b65c492b32b80c44d04e1668aa7a7e27c513d8182f10e768a9ed3810fce50ec8dfc37407512a3a61d1f637db304c1ad3a1fecc6751c0a74d0107d92b9bdb2180753e08f90203010001a3453043300e0603551d0f0101ff04040302010630120603551d130101ff040830060101ff020101301d0603551d0e0416041413e24100807a4c63e6ee6a2f4715c5e1fe0e4f14300d06092a864886f70d01010b05000382010100938fc4ca824c7894982848f91d8ae5e6b572397f8f48de443c130629162a18d42c68f899ab77ac6107a7eb1a4c05bddb063a3171a5f9f033746e65d6bc871a4f43c968e1cd59361ee4cdd58bfd79480007f7d8800d2fcf54f6b4935cdcbff8dc9855b376ce57827e94c8fd2fc42cd7a759af9c8436f5fd5506d2e4a0c64cf720d8b5292ed4e9791dfa81f7a478c822417d0626719b9b9ca8626a92c93df56638a4de6dc4ab347b26786ad7f3bf16e9fb8d285dbc20cbf32a7f8fdc3070a197d4cd98521f7f49863ce2405099b1a28c1548f339bf8b9501b87646008e131e400818daccad01c912213a60f551decf8ae553996fba160755332c1f16dbe6750f96	5190c4fbddb2bfd08ce4a11714ec54dcaf57978f6193720c5b2c7127ef2c5f1f.exe

C:\Users\Admin\AppData\Local\Temp\5190c4fbddb2bfd08ce4a11714ec54dcaf57978f6193720c5b2c7127ef2c5f1f.exe
"C:\Users\Admin\AppData\Local\Temp\5190c4fbddb2bfd08ce4a11714ec54dcaf57978f6193720c5b2c7127ef2c5f1f.exe"
1⤵
- Modifies system certificate store
PID:1668

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

1

T1553

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads