General

  • Target

    IS.Setup.exe

  • Size

    17.5MB

  • Sample

    240525-qznf7sed8z

  • MD5

    f48ca4a6e5457dbb41d8de929da88c7c

  • SHA1

    2908ae49cdaa4489ed80f25b8096bd79fb77ee42

  • SHA256

    84dab96a11da002f640ba371f218c49fc3c13d192b9ffbae63cea45bf572ef2d

  • SHA512

    a46e8e2fa8bb5f8f1c4158546c11c4b531047706ef4eb45bb288096d02d3d6212f4d92a13fb3d6402296256947558c470433ebcc9068f0a5712f9070e39b1bdd

  • SSDEEP

    393216:uDaEVkpOv6htaoWh9ObpTX/6CIzOTIyzuKZ7KivthRc9Tn1:VxRtaoq9ObpTX/Lr/vthRGTn1

Malware Config

Targets

    • Target

      IS.Setup.exe

    • Size

      17.5MB

    • MD5

      f48ca4a6e5457dbb41d8de929da88c7c

    • SHA1

      2908ae49cdaa4489ed80f25b8096bd79fb77ee42

    • SHA256

      84dab96a11da002f640ba371f218c49fc3c13d192b9ffbae63cea45bf572ef2d

    • SHA512

      a46e8e2fa8bb5f8f1c4158546c11c4b531047706ef4eb45bb288096d02d3d6212f4d92a13fb3d6402296256947558c470433ebcc9068f0a5712f9070e39b1bdd

    • SSDEEP

      393216:uDaEVkpOv6htaoWh9ObpTX/6CIzOTIyzuKZ7KivthRc9Tn1:VxRtaoq9ObpTX/Lr/vthRGTn1

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks