Overview

overview

8

Static

static

3

Revo Unins....6.exe

windows7-x64

8

Revo Unins....6.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Revo Uninstaller Pro 5.2.6.exe

  • Size

    18.5MB

  • Sample

    240522-cxhahshe9t

  • MD5

    2413dc2fe7067dd7738d75446c140096

  • SHA1

    f246ac96e8eb790593ceb0e37896542efc67afe7

  • SHA256

    aa15d5ded58e1dcb2099806b996750c23c2bcb6026f9a5876a8a9ba0e86e5531

  • SHA512

    a49312f62dae510f3f986508fe7dd500650afe95d2f6b92081f33c77636ff5d73c0b3fbcb6b3dc8120b8b83a95f8d82e46cf529263859ec2197f9bdf234b1bcf

  • SSDEEP

    393216:gIBJiczqi8Alo2OtD6Zni1cOK8ZNK/WrH9PF2q5XFpBjFSF24S7ioXyj:RJ31z0VJOW79t2uXFp1FSE4AiCyj

Score
8/10
discoverypersistence

Malware Config

Targets

    • Target

      Revo Uninstaller Pro 5.2.6.exe

    • Size

      18.5MB

    • MD5

      2413dc2fe7067dd7738d75446c140096

    • SHA1

      f246ac96e8eb790593ceb0e37896542efc67afe7

    • SHA256

      aa15d5ded58e1dcb2099806b996750c23c2bcb6026f9a5876a8a9ba0e86e5531

    • SHA512

      a49312f62dae510f3f986508fe7dd500650afe95d2f6b92081f33c77636ff5d73c0b3fbcb6b3dc8120b8b83a95f8d82e46cf529263859ec2197f9bdf234b1bcf

    • SSDEEP

      393216:gIBJiczqi8Alo2OtD6Zni1cOK8ZNK/WrH9PF2q5XFpBjFSF24S7ioXyj:RJ31z0VJOW79t2uXFp1FSE4AiCyj

    Score
    8/10
    discoverypersistence

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks