General

  • Target

    Frost_Launcher.zip

  • Size

    29.2MB

  • Sample

    240522-dmra4sac82

  • MD5

    8101c955d05231a44cfdaeceb6fe8b3e

  • SHA1

    9167c3b0511c20e2e4a814330fde41ba9c8fd294

  • SHA256

    51f1c56cf6078e15d05e0ccd8a373db6cd114a574f0e3d1f8f55e5d50022244d

  • SHA512

    4200bf7141760d472d404a93207d60f2151b1508916cea14c80888d077714e04c7a848853da07227c4006d7a0afd1eb73f1de4a7f8a89b786e9c82a50ddc98e5

  • SSDEEP

    393216:aGs3C2bvihplLtWeJBX5EDc4h+p9KUh2QOXHlKSWpUAFUL7gIfjiQy:aGsS2bvqJG3aAq2QO3MvLWHgCjiQy

Targets

    • Target

      Frost Launcher/Frost.deps.json

    • Size

      110KB

    • MD5

      9699d34e46914de2d30b395067993ac8

    • SHA1

      5e91128624473ca2b33119145c55934d23bb1f7d

    • SHA256

      4f86617970999a75562521ccd1452f7c61ae1366c77850fb5a60d758830d7336

    • SHA512

      f2832795a642a5ef2cc5abc71ab7ffda0cf872b8a86218821220c428b3acad44e4734759a5bbf768954c35e8028fbb211751d5e558048261e6b87a6995679fe8

    • SSDEEP

      3072:qX+CROPbt9lcu72usgveq9eRyhzOqQ04CZJSopI2Pw:rIP

    • Score

      3/10

    • Target

      Frost Launcher/Frost.dll

    • Size

      48.1MB

    • MD5

      8d3fd8d5efa68cca127acb900e87e1a0

    • SHA1

      af3379143326ab8bcbb1698bd6a1d2d7ad5883ca

    • SHA256

      9a421c21ec3d8d4cf31764f773d21ff79ee1fd97bcb3e09f0e359b99cedca62a

    • SHA512

      0f7666a2fc82cc843b205c3edc7fc82db57d8a4ebae1d6b93bb6d6cf8b4e8a68ace8bf78eba138d548f424f5c5fff007c061b7d4c3349d47126565e5e9c4b0a1

    • SSDEEP

      393216:tbE7xuFpFU54idtMPD9scPj1pO8M/mxy4Ms5ZBINOGAer:tbEQFpFm4WaPZe/mx7+NvAg

    • Score

      1/10

    • Target

      Frost Launcher/Frost.exe

    • Size

      164KB

    • MD5

      a2cc9208e378127a28374ea4a9d11768

    • SHA1

      a1a78cac58651b33cc2cc1df11e8fcf677dcc505

    • SHA256

      ccef6ac06941ca93eb7fbf653b95bec478fbe6cf2513482644b2fddb01f79b3c

    • SHA512

      c424040141e4ce9264417526fd21a1eee40264a831c37e47311035f559fb617ad429d811c0d71cd5f0189ee9a163e84673c53a567bbaab0c38a04652c780c9aa

    • SSDEEP

      3072:xczkitvo4BpYN/6mBPry8TXROLdW5m4mUR59OOGs0kGXpDE2kb:xA4NCmBPry/N2lOO1iE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Registers COM server for autorun

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Target

      Frost Launcher/Frost.runtimeconfig.json

    • Size

      372B

    • MD5

      d94cf983fba9ab1bb8a6cb3ad4a48f50

    • SHA1

      04855d8b7a76b7ec74633043ef9986d4500ca63c

    • SHA256

      1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a

    • SHA512

      09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998

    • Score

      3/10

    • Target

      Frost Launcher/runtimes/linux/native/libmongocrypt.so

    • Size

      11.8MB

    • MD5

      45b91603d0d8a443716a5be02da0b0a1

    • SHA1

      89fde1402b4b67b6ebf672024b31d053d7733030

    • SHA256

      43a6d8205796c8f8f64a0299171485a0b26561a3d2d934fc5247f6ae45eb087c

    • SHA512

      b72038250bc497c820cb9b0dc17a0972095978cbf75bc8860b927213d63b730514d89242c1a33ed6d3f3cd6075a7021d469496a582c64d4c1b1ced0e118d967c

    • SSDEEP

      98304:osgYUM3VO7Krb8nGzOKrb8gGJIZutt2+ySirY8S2JWLl3a326zD/jrf:P4JmOJ+UsTS2JK

    • Score

      1/10

    • Target

      Frost Launcher/runtimes/osx/native/libmongocrypt.dylib

    • Size

      9.2MB

    • MD5

      39d1ebfca75fb6bd3b98f6539b36c648

    • SHA1

      8bf47119cab62375071e9849e6e2f53db387453b

    • SHA256

      208f78bc7c109080c3aac9cd268f2af1f82e9b53035d22b8b5a49f70ef0603d9

    • SHA512

      63d8d606159f7c67c414fc7155202c26cebefaf71506e4a0a9d7ebf7ad0c02485e20e79708bf583f7e3f0000f09d916e1d0df1346a9253ab4022d9b020e9d21c

    • SSDEEP

      98304:yr1WotAfoOG5/GBKrb8mlGGKrb8O28wvcdjYzube4+nYXJTKZO/GBKrb8mlGGKrs:IGJmFJjzUdjYzube4+nYiJmFJjDqm

    • Score

      1/10

    • Target

      Frost Launcher/runtimes/win-x64/native/WebView2Loader.dll

    • Size

      157KB

    • MD5

      0057ef6dd4730d1cfc12ccc138800c6c

    • SHA1

      f3a9acab220ffc681c22a17bdf4c1b17e6f70617

    • SHA256

      0e0245c64d871097a92b1c70f38370c567460d19cd2fe3d877dfe30af9e8a5b1

    • SHA512

      2ef2546eeea276c58e352c77f7ce18d9f38adab73f705f6e6899ba3371c2187c71264a59769c9e29484449e7242f3df7626d01596a812f13fe56c633a588e5fa

    • SSDEEP

      3072:k0DBw62qj7ncwBxNnTkXmQmm8ylt9cD+8SjLThCEtcuVuxSpUb+fTCwJQ:DDdj7ncwB/GU4t92Etc+bUi2mQ

    • Score

      1/10
