General
-
Target
OpenShellSetup_4_4_191.exe
-
Size
7.9MB
-
Sample
240422-p9xbesbh2z
-
MD5
e0484fd1e79a0227a5923cdc95b511ba
-
SHA1
bea0cb5c42adbde14e8cf50b64982e1877c7855d
-
SHA256
9e9c32badb52444ca8a8726aef7c220ff48de8c7916cdfdca4dff6e009ac1f0c
-
SHA512
80f8b0ac16dfbf7df640a69b0f05ec9e002e09ed1d7c84d231db00422972c5a02ddef616570d4e7488f697c28933bbf27e5175db61b8cbd2403203b6e30bf431
-
SSDEEP
196608:B+s5T8f3Hb+IcrthtV80y85WDe+qHw7aJvRt5Oj8GWDAqr:BbT8j+9JkNDJQGuRFDj
Malware Config
Targets
-
-
Target
OpenShellSetup_4_4_191.exe
-
Size
7.9MB
-
MD5
e0484fd1e79a0227a5923cdc95b511ba
-
SHA1
bea0cb5c42adbde14e8cf50b64982e1877c7855d
-
SHA256
9e9c32badb52444ca8a8726aef7c220ff48de8c7916cdfdca4dff6e009ac1f0c
-
SHA512
80f8b0ac16dfbf7df640a69b0f05ec9e002e09ed1d7c84d231db00422972c5a02ddef616570d4e7488f697c28933bbf27e5175db61b8cbd2403203b6e30bf431
-
SSDEEP
196608:B+s5T8f3Hb+IcrthtV80y85WDe+qHw7aJvRt5Oj8GWDAqr:BbT8j+9JkNDJQGuRFDj
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Registers COM server for autorun
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Event Triggered Execution
1Change Default File Association
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Browser Extensions
1Privilege Escalation
Event Triggered Execution
1Change Default File Association
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2