Resubmissions

16-05-2024 17:21

240516-vw2a4sfe44 8

16-05-2024 17:17

240516-vtthgsfd34 7

General

  • Target

    rocl.exe

  • Size

    8.8MB

  • Sample

    240516-vw2a4sfe44

  • MD5

    ec4aa7c21dc36fea555651f7c57d0b0c

  • SHA1

    8827af434ad668add92904ede295cb861d64029b

  • SHA256

    9c4a079fff173b3d4e3142226b8c5524626c676f0b3d04c79c9f08639f2e0ba3

  • SHA512

    2023cd955524f2267c159ae38681f53f8fd65dcb25489a4d0b2d373c844406aa6dc985344709f5c81bec7ae833f1e64528ad591f49e579e382928d0b8c796c20

  • SSDEEP

    196608:KhXuXjQW0nBA1HeT39IigQdeE9TFa0Z8DOjCdylLhYMfZGNJnzd+dzqKO:h0vnq1+TtIiLUY9Z8D8CcldlRGNJHK

Malware Config

Targets

    • Target

      rocl.exe

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check that decides whether to run based on the victim's region.

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Adds Run key to start application

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
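
The registry-driven behaviours listed above (country-code lookup, Uninstall enumeration, Run key persistence, COM server registration) and the "Downloads MZ/PE file" check can all be expressed as simple matching rules. The following is an added example, not the sandbox's own signature logic and not code recovered from rocl.exe: it runs a handful of rules over a constructed API-call trace and a constructed byte buffer. The event dictionary shape, the Win32 API names counted for each behaviour, the registry paths (`Control Panel\International\Geo\Nation` for the country code, `CLSID\{...}\InprocServer32` for the COM server) and every process name and GUID in the sample data are assumptions made for illustration.

```python
"""Toy behavioural-signature matcher for the report above (added example)."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set, Tuple

# Constructed API-trace events modelled on a sandbox behavioural log.
# Every path, PID, image name and GUID here is invented for the example.
SAMPLE_EVENTS = [
    {"pid": 1234, "image": "rocl.exe", "api": "RegQueryValueExW",
     "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"pid": 1234, "image": "rocl.exe", "api": "RegEnumKeyExW",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall", "value": None},
    {"pid": 1234, "image": "rocl.exe", "api": "RegSetValueExW",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value": "Updater"},
    {"pid": 5678, "image": "dropped.exe", "api": "RegSetValueExW",
     "key": r"HKCR\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32", "value": ""},
    # Benign noise: a normal Explorer read that must not trigger anything.
    {"pid": 4321, "image": "explorer.exe", "api": "RegQueryValueExW",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer", "value": "ShellState"},
]


@dataclass(frozen=True)
class Rule:
    name: str
    apis: Tuple[str, ...]          # API names that count for this behaviour (assumed set)
    key: "re.Pattern"              # matched against the registry key path, case-insensitive
    value: Optional[str] = None    # required value name, if the rule needs one


# Assumed registry locations for each behaviour in the report.
RULES = (
    Rule("checks_computer_location",
         ("RegQueryValueExW", "RegQueryValueExA", "RegGetValueW"),
         re.compile(r"\\Control Panel\\International\\Geo$", re.I), "Nation"),
    Rule("checks_installed_software",
         ("RegEnumKeyExW", "RegEnumKeyExA", "RegOpenKeyExW"),
         re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)),
    Rule("adds_run_key",
         ("RegSetValueExW", "RegSetValueExA"),
         re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)$", re.I)),
    Rule("registers_com_server",
         ("RegSetValueExW", "RegSetValueExA"),
         re.compile(r"\\CLSID\\\{[0-9A-Fa-f-]{36}\}\\(InprocServer32|LocalServer32)$", re.I)),
)


def match_events(events: Iterable[dict]) -> List[Tuple[str, str, str]]:
    """Return one (rule name, image, key) hit per matching event, in log order."""
    hits = []
    for ev in events:
        for rule in RULES:
            if ev["api"] not in rule.apis:
                continue
            if not rule.key.search(ev["key"]):
                continue
            if rule.value is not None and (ev.get("value") or "").lower() != rule.value.lower():
                continue
            hits.append((rule.name, ev["image"], ev["key"]))
    return hits


def triggered_signatures(events: Iterable[dict]) -> Set[str]:
    """The set of signature names raised, i.e. what a report like the one above lists."""
    return {name for name, _, _ in match_events(events)}


def looks_like_pe(data: bytes) -> bool:
    """True if a downloaded body starts with an MZ header whose e_lfanew points at 'PE\\0\\0'.

    This is the minimal check behind a 'Downloads MZ/PE file' style signature:
    an MZ magic alone is not enough, the PE signature must be where the DOS
    header says it is.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    if e_lfanew + 4 > len(data):
        return False
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


# Constructed minimal buffer: DOS header with e_lfanew = 0x40 and a PE signature there.
CONSTRUCTED_PE_STUB = bytearray(0x44)
CONSTRUCTED_PE_STUB[0:2] = b"MZ"
CONSTRUCTED_PE_STUB[0x3C:0x40] = (0x40).to_bytes(4, "little")
CONSTRUCTED_PE_STUB[0x40:0x44] = b"PE\0\0"


if __name__ == "__main__":
    for hit in match_events(SAMPLE_EVENTS):
        print("%-28s %-12s %s" % hit)
    print("downloaded body is PE:", looks_like_pe(bytes(CONSTRUCTED_PE_STUB)))
```

The rules key on API name plus key path rather than path alone, because a read of the Run key is routine (Explorer and installers do it constantly) while a write to it is the persistence event; the same distinction separates a benign `Uninstall` lookup by a single installer from the wholesale enumeration the report describes.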

MITRE ATT&CK Enterprise v15