Overview

overview

8

Static

static

1

bridge_2.7...US.msi

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bridge_2.7.17_x64_en-US.msi

  • Size

    14.7MB

  • Sample

    240521-zhz84shg73

  • MD5

    62b8b06b6ea75c761b159d53d8cc5c0b

  • SHA1

    8498e5465fa0da19b0d6ae5713ed7446c2e84b15

  • SHA256

    e8058272fc5788f50ff45f1713e92c04a75f7268983d6d50a260ed03f7125873

  • SHA512

    6a6dca698955bc25f92ae0de1df23e1201010334bbcbff67a2018409767d60d98575f07730957d618ea0ba26d0168e3285045c21fa03d2cb04c1bbc28f023eeb

  • SSDEEP

    393216:S6G/3BEgr87IFgtwThyvB66IpWHtCUaTvkPsO2TfY:k/T87dwWjAWHtCUS0sJs

Score
8/10
discoveryevasionexecutionpersistencetrojan

Malware Config

Targets

    • Target

      bridge_2.7.17_x64_en-US.msi

    • Size

      14.7MB

    • MD5

      62b8b06b6ea75c761b159d53d8cc5c0b

    • SHA1

      8498e5465fa0da19b0d6ae5713ed7446c2e84b15

    • SHA256

      e8058272fc5788f50ff45f1713e92c04a75f7268983d6d50a260ed03f7125873

    • SHA512

      6a6dca698955bc25f92ae0de1df23e1201010334bbcbff67a2018409767d60d98575f07730957d618ea0ba26d0168e3285045c21fa03d2cb04c1bbc28f023eeb

    • SSDEEP

      393216:S6G/3BEgr87IFgtwThyvB66IpWHtCUaTvkPsO2TfY:k/T87dwWjAWHtCUS0sJs

    Score
    8/10
    discoveryevasionexecutionpersistencetrojan

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

      execution

    • Checks whether UAC is enabled

      evasiontrojan

    • Downloads MZ/PE file

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Sets file execution options in registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks