General
  Target: RADStudio_12_1_esd_61_7529b.exe
  Size: 168.7MB
  Sample: 240503-yn88jaea81
  MD5: c7d4fd8166d1189998bc05a93d40417a
  SHA1: bae4531f51e0b0767399e62f7389e9f62810b4f2
  SHA256: 07aa489a73bd71ef8472fe592711ba9afdfd6554d9aef7460a60a4a07986bb18
  SHA512: 5c91af7fc42e7d1c98dbfc6ea0170a6b45c136cf9ed70c974785f602d45f37fa739380afb6dfa939726af037b51111ad8143ac4c533828332bc5061dbb8aaec6
  SSDEEP: 3145728:zi4GWu+v1fJp50W+M/kk3iKJNV4QL8Az59qFkEMLFDQEA4:zi4GWfxJp50M/kkSMNV1f10yR3A
Static task: static1

Behavioral task: behavioral1
  Sample: RADStudio_12_1_esd_61_7529b.exe
  Resource: win10v2004-20240419-en
Malware Config

Targets
  Target: RADStudio_12_1_esd_61_7529b.exe
  Size: 168.7MB
  MD5: c7d4fd8166d1189998bc05a93d40417a
  SHA1: bae4531f51e0b0767399e62f7389e9f62810b4f2
  SHA256: 07aa489a73bd71ef8472fe592711ba9afdfd6554d9aef7460a60a4a07986bb18
  SHA512: 5c91af7fc42e7d1c98dbfc6ea0170a6b45c136cf9ed70c974785f602d45f37fa739380afb6dfa939726af037b51111ad8143ac4c533828332bc5061dbb8aaec6
  SSDEEP: 3145728:zi4GWu+v1fJp50W+M/kk3iKJNV4QL8Az59qFkEMLFDQEA4:zi4GWfxJp50M/kkSMNV1f10yR3A
Score: 8/10

Signatures
  - Downloads MZ/PE file
  - Sets file execution options in registry
  - Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
  - Executes dropped EXE
  - Loads dropped DLL
  - Registers COM server for autorun
  - Adds Run key to start application
  - Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate software on the system.
  - Drops desktop.ini file(s)
  - Enumerates connected drives
    Attempts to read the root path of hard drives other than the default C: drive.
  - Drops file in System32 directory
MITRE ATT&CK Enterprise v15
  Privilege Escalation
    Boot or Logon Autostart Execution: 3
      Registry Run Keys / Startup Folder: 3
  Defense Evasion
    Hide Artifacts: 1
      Hidden Files and Directories: 1
    Modify Registry: 3
    Subvert Trust Controls: 1
      Install Root Certificate: 1