5190c4fbddb2bfd08ce4a11714ec54dcaf57978f6193720c5b2c7127ef2c5f1f

General

Target

5190c4fbddb2bfd08ce4a11714ec54dcaf57978f6193720c5b2c7127ef2c5f1f.exe
Size

141KB
MD5

e4758783b146b506e0ec42e98ad9e65c
SHA1

94eaa70c45d74a661dc660ec567c3b2bc6221144
SHA256

5190c4fbddb2bfd08ce4a11714ec54dcaf57978f6193720c5b2c7127ef2c5f1f
SHA512

5970d50bb263235b2c91547517fc5dce816462349a4aabe5cf2a5522266437b156de4dc89740df2f0cbb6e938843efef5d2ee465aad7681f32004dc21c22d7a3
SSDEEP

3072:qdxREmffv+QWp4kHfwswwjaofhPMEx56s37d+ln5IzPSF:M3EmffWSc4oxrd25I+F

Score

1^/10

Malware Config

Signatures

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

5190c4fbddb2bfd08ce4a11714ec54dcaf57978f6193720c5b2c7127ef2c5f1f.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\E6E05058C1510337F1C0D7000939C976E01E7070\Blob = 040000000100000010000000ff85d9ab4cd724af6f3d7d3fc2ef9b3b0f0000000100000020000000d730cb7433f966be0da3d990d5fada4f62bb7e629a574c25ec8f60d773cccba9030000000100000014000000e6e05058c1510337f1c0d7000939c976e01e707014000000010000001400000013e24100807a4c63e6ee6a2f4715c5e1fe0e4f142000000001000000f9020000308202f5308201dda0030201020210279870039d9b9bc93f65112ef53448e9300d06092a864886f70d01010b050030133111300f06035504031308436c6f75644e6574301e170d3234303331393137303030305a170d3239303331383137303030305a30133111300f06035504031308436c6f75644e657430820122300d06092a864886f70d01010105000382010f003082010a0282010100c661803f980f1490d14d5642db965502ee5bdc842e90c508ac6860d95bf23be740112624afc13e2d734d76fdc760cf57cf5b4f755da33b61dee9ce755e75400a63ab0e34df71050365a4e7a3f3fdc06528cc8d285658436da25190310bc288cadb49d536292016e628a33ff110fcead04ed9c8cc1db780fc88a0ed044c1f51fa24cf2b92ba486682b9f40abe75f2c96a0e44cb321dd5c89afc63453d7ce9f6b856748d1455f65cf4a3fa37980f9b54208e87cd5e30f3ee8685cb3b15b65c492b32b80c44d04e1668aa7a7e27c513d8182f10e768a9ed3810fce50ec8dfc37407512a3a61d1f637db304c1ad3a1fecc6751c0a74d0107d92b9bdb2180753e08f90203010001a3453043300e0603551d0f0101ff04040302010630120603551d130101ff040830060101ff020101301d0603551d0e0416041413e24100807a4c63e6ee6a2f4715c5e1fe0e4f14300d06092a864886f70d01010b05000382010100938fc4ca824c7894982848f91d8ae5e6b572397f8f48de443c130629162a18d42c68f899ab77ac6107a7eb1a4c05bddb063a3171a5f9f033746e65d6bc871a4f43c968e1cd59361ee4cdd58bfd79480007f7d8800d2fcf54f6b4935cdcbff8dc9855b376ce57827e94c8fd2fc42cd7a759af9c8436f5fd5506d2e4a0c64cf720d8b5292ed4e9791dfa81f7a478c822417d0626719b9b9ca8626a92c93df56638a4de6dc4ab347b26786ad7f3bf16e9fb8d285dbc20cbf32a7f8fdc3070a197d4cd98521f7f49863ce2405099b1a28c1548f339bf8b9501b87646008e131e400818daccad01c912213a60f551decf8ae553996fba160755332c1f16dbe6750f96	5190c4fbddb2bfd08ce4a11714ec54dcaf57978f6193720c5b2c7127ef2c5f1f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\E6E05058C1510337F1C0D7000939C976E01E7070\Blob = 1900000001000000100000000717199702ba7cba022ad970ba50b0b014000000010000001400000013e24100807a4c63e6ee6a2f4715c5e1fe0e4f14030000000100000014000000e6e05058c1510337f1c0d7000939c976e01e70700f0000000100000020000000d730cb7433f966be0da3d990d5fada4f62bb7e629a574c25ec8f60d773cccba9040000000100000010000000ff85d9ab4cd724af6f3d7d3fc2ef9b3b2000000001000000f9020000308202f5308201dda0030201020210279870039d9b9bc93f65112ef53448e9300d06092a864886f70d01010b050030133111300f06035504031308436c6f75644e6574301e170d3234303331393137303030305a170d3239303331383137303030305a30133111300f06035504031308436c6f75644e657430820122300d06092a864886f70d01010105000382010f003082010a0282010100c661803f980f1490d14d5642db965502ee5bdc842e90c508ac6860d95bf23be740112624afc13e2d734d76fdc760cf57cf5b4f755da33b61dee9ce755e75400a63ab0e34df71050365a4e7a3f3fdc06528cc8d285658436da25190310bc288cadb49d536292016e628a33ff110fcead04ed9c8cc1db780fc88a0ed044c1f51fa24cf2b92ba486682b9f40abe75f2c96a0e44cb321dd5c89afc63453d7ce9f6b856748d1455f65cf4a3fa37980f9b54208e87cd5e30f3ee8685cb3b15b65c492b32b80c44d04e1668aa7a7e27c513d8182f10e768a9ed3810fce50ec8dfc37407512a3a61d1f637db304c1ad3a1fecc6751c0a74d0107d92b9bdb2180753e08f90203010001a3453043300e0603551d0f0101ff04040302010630120603551d130101ff040830060101ff020101301d0603551d0e0416041413e24100807a4c63e6ee6a2f4715c5e1fe0e4f14300d06092a864886f70d01010b05000382010100938fc4ca824c7894982848f91d8ae5e6b572397f8f48de443c130629162a18d42c68f899ab77ac6107a7eb1a4c05bddb063a3171a5f9f033746e65d6bc871a4f43c968e1cd59361ee4cdd58bfd79480007f7d8800d2fcf54f6b4935cdcbff8dc9855b376ce57827e94c8fd2fc42cd7a759af9c8436f5fd5506d2e4a0c64cf720d8b5292ed4e9791dfa81f7a478c822417d0626719b9b9ca8626a92c93df56638a4de6dc4ab347b26786ad7f3bf16e9fb8d285dbc20cbf32a7f8fdc3070a197d4cd98521f7f49863ce2405099b1a28c1548f339bf8b9501b87646008e131e400818daccad01c912213a60f551decf8ae553996fba160755332c1f16dbe6750f96	5190c4fbddb2bfd08ce4a11714ec54dcaf57978f6193720c5b2c7127ef2c5f1f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\E6E05058C1510337F1C0D7000939C976E01E7070	5190c4fbddb2bfd08ce4a11714ec54dcaf57978f6193720c5b2c7127ef2c5f1f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\E6E05058C1510337F1C0D7000939C976E01E7070\Blob = 0f0000000100000020000000d730cb7433f966be0da3d990d5fada4f62bb7e629a574c25ec8f60d773cccba9030000000100000014000000e6e05058c1510337f1c0d7000939c976e01e70702000000001000000f9020000308202f5308201dda0030201020210279870039d9b9bc93f65112ef53448e9300d06092a864886f70d01010b050030133111300f06035504031308436c6f75644e6574301e170d3234303331393137303030305a170d3239303331383137303030305a30133111300f06035504031308436c6f75644e657430820122300d06092a864886f70d01010105000382010f003082010a0282010100c661803f980f1490d14d5642db965502ee5bdc842e90c508ac6860d95bf23be740112624afc13e2d734d76fdc760cf57cf5b4f755da33b61dee9ce755e75400a63ab0e34df71050365a4e7a3f3fdc06528cc8d285658436da25190310bc288cadb49d536292016e628a33ff110fcead04ed9c8cc1db780fc88a0ed044c1f51fa24cf2b92ba486682b9f40abe75f2c96a0e44cb321dd5c89afc63453d7ce9f6b856748d1455f65cf4a3fa37980f9b54208e87cd5e30f3ee8685cb3b15b65c492b32b80c44d04e1668aa7a7e27c513d8182f10e768a9ed3810fce50ec8dfc37407512a3a61d1f637db304c1ad3a1fecc6751c0a74d0107d92b9bdb2180753e08f90203010001a3453043300e0603551d0f0101ff04040302010630120603551d130101ff040830060101ff020101301d0603551d0e0416041413e24100807a4c63e6ee6a2f4715c5e1fe0e4f14300d06092a864886f70d01010b05000382010100938fc4ca824c7894982848f91d8ae5e6b572397f8f48de443c130629162a18d42c68f899ab77ac6107a7eb1a4c05bddb063a3171a5f9f033746e65d6bc871a4f43c968e1cd59361ee4cdd58bfd79480007f7d8800d2fcf54f6b4935cdcbff8dc9855b376ce57827e94c8fd2fc42cd7a759af9c8436f5fd5506d2e4a0c64cf720d8b5292ed4e9791dfa81f7a478c822417d0626719b9b9ca8626a92c93df56638a4de6dc4ab347b26786ad7f3bf16e9fb8d285dbc20cbf32a7f8fdc3070a197d4cd98521f7f49863ce2405099b1a28c1548f339bf8b9501b87646008e131e400818daccad01c912213a60f551decf8ae553996fba160755332c1f16dbe6750f96	5190c4fbddb2bfd08ce4a11714ec54dcaf57978f6193720c5b2c7127ef2c5f1f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\E6E05058C1510337F1C0D7000939C976E01E7070\Blob = 14000000010000001400000013e24100807a4c63e6ee6a2f4715c5e1fe0e4f14030000000100000014000000e6e05058c1510337f1c0d7000939c976e01e70700f0000000100000020000000d730cb7433f966be0da3d990d5fada4f62bb7e629a574c25ec8f60d773cccba92000000001000000f9020000308202f5308201dda0030201020210279870039d9b9bc93f65112ef53448e9300d06092a864886f70d01010b050030133111300f06035504031308436c6f75644e6574301e170d3234303331393137303030305a170d3239303331383137303030305a30133111300f06035504031308436c6f75644e657430820122300d06092a864886f70d01010105000382010f003082010a0282010100c661803f980f1490d14d5642db965502ee5bdc842e90c508ac6860d95bf23be740112624afc13e2d734d76fdc760cf57cf5b4f755da33b61dee9ce755e75400a63ab0e34df71050365a4e7a3f3fdc06528cc8d285658436da25190310bc288cadb49d536292016e628a33ff110fcead04ed9c8cc1db780fc88a0ed044c1f51fa24cf2b92ba486682b9f40abe75f2c96a0e44cb321dd5c89afc63453d7ce9f6b856748d1455f65cf4a3fa37980f9b54208e87cd5e30f3ee8685cb3b15b65c492b32b80c44d04e1668aa7a7e27c513d8182f10e768a9ed3810fce50ec8dfc37407512a3a61d1f637db304c1ad3a1fecc6751c0a74d0107d92b9bdb2180753e08f90203010001a3453043300e0603551d0f0101ff04040302010630120603551d130101ff040830060101ff020101301d0603551d0e0416041413e24100807a4c63e6ee6a2f4715c5e1fe0e4f14300d06092a864886f70d01010b05000382010100938fc4ca824c7894982848f91d8ae5e6b572397f8f48de443c130629162a18d42c68f899ab77ac6107a7eb1a4c05bddb063a3171a5f9f033746e65d6bc871a4f43c968e1cd59361ee4cdd58bfd79480007f7d8800d2fcf54f6b4935cdcbff8dc9855b376ce57827e94c8fd2fc42cd7a759af9c8436f5fd5506d2e4a0c64cf720d8b5292ed4e9791dfa81f7a478c822417d0626719b9b9ca8626a92c93df56638a4de6dc4ab347b26786ad7f3bf16e9fb8d285dbc20cbf32a7f8fdc3070a197d4cd98521f7f49863ce2405099b1a28c1548f339bf8b9501b87646008e131e400818daccad01c912213a60f551decf8ae553996fba160755332c1f16dbe6750f96	5190c4fbddb2bfd08ce4a11714ec54dcaf57978f6193720c5b2c7127ef2c5f1f.exe

C:\Users\Admin\AppData\Local\Temp\5190c4fbddb2bfd08ce4a11714ec54dcaf57978f6193720c5b2c7127ef2c5f1f.exe
"C:\Users\Admin\AppData\Local\Temp\5190c4fbddb2bfd08ce4a11714ec54dcaf57978f6193720c5b2c7127ef2c5f1f.exe"
1⤵
- Modifies system certificate store
PID:1668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Subvert Trust Controls

1

T1553

Install Root Certificate

1

T1553.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads