General
-
Target
Yealink RoomConnect Software(2.2.23.0).msi
-
Size
100.6MB
-
Sample
240424-pdm3wahf75
-
MD5
c7eb3be0ee177d1ccc7fde882291c24c
-
SHA1
85d4f24808e411ec2652c65c4b3a60e3f2b0d354
-
SHA256
6c8609e9f86f50aa80a45f3f679a1d2b0fe429746d93d16398f25cabf9341ae2
-
SHA512
fdda7fd7670226a67386399c52b8d0b225864151da6cc0f1bbdc083183a70db08fc3c30a26c7a698a373fbe9fc580f539d7705c9d0c9bd4f86a132b691b14bfa
-
SSDEEP
3145728:v/JBZgFZg/y/btfC74k77ZROuczprfXwZeP8eOO:XNgFKqs977yuupfgZeP8eO
Static task
static1
Behavioral task
behavioral1
Sample
Yealink RoomConnect Software(2.2.23.0).msi
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Yealink RoomConnect Software(2.2.23.0).msi
Resource
win10v2004-20240412-en
Malware Config
Targets
Target
Yealink RoomConnect Software(2.2.23.0).msi
Score
10/10
-
Modifies firewall policy service
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Adds Run key to start application
-
Blocklisted process makes network request
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 2
Registry Run Keys / Startup Folder: 2
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 2
Registry Run Keys / Startup Folder: 2