General
-
Target
NordVPNSetup.exe
-
Size
1.7MB
-
Sample
240524-cxj44saa84
-
MD5
5d6f0577264346d7c28f1853871d89b7
-
SHA1
a606fa6e79ed5ca473eed30cc8483901ca67fae1
-
SHA256
391b613c8db8f21fe6545d6448adb188dd2b54749f31e7cd7abefb6e61f388d2
-
SHA512
9d43f0ef1ed41ac338a157dbcc74e5ebdb00ff83935aeb96095af9fe780a2217ae6362e6577b51780baffcaa50e2ee8f0c92345a473a199da5897411d3f72159
-
SSDEEP
24576:x7FUDowAyrTVE3U5FZvOcAqJys9vvys3gEhyel1XXkJ2k89zCA8:xBuZrEU1OMJys9HLRy3J2k8ob
Malware Config
Targets
-
-
Target
NordVPNSetup.exe
-
Size
1.7MB
-
MD5
5d6f0577264346d7c28f1853871d89b7
-
SHA1
a606fa6e79ed5ca473eed30cc8483901ca67fae1
-
SHA256
391b613c8db8f21fe6545d6448adb188dd2b54749f31e7cd7abefb6e61f388d2
-
SHA512
9d43f0ef1ed41ac338a157dbcc74e5ebdb00ff83935aeb96095af9fe780a2217ae6362e6577b51780baffcaa50e2ee8f0c92345a473a199da5897411d3f72159
-
SSDEEP
24576:x7FUDowAyrTVE3U5FZvOcAqJys9vvys3gEhyel1XXkJ2k89zCA8:xBuZrEU1OMJys9HLRy3J2k8ob
Score8/10-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Registers COM server for autorun
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
File and Directory Permissions Modification
1Subvert Trust Controls
1Install Root Certificate
1Modify Registry
1