General

  • Target

    free-alarm-clock-5.2-installer_2n-x4b2.exe

  • Size

    1.7MB

  • Sample

    240527-m7m9mahb9y

  • MD5

    5552181f905c874affb3c251067001e2

  • SHA1

    d4203fbda5da49b4ea470ebcbd464cc7f7985641

  • SHA256

    ca5f29cf7a96b1d85c923df3d56e5f35c6c298d4c977cf7c22989d27fac22c79

  • SHA512

    f7a4e3e1a748709f1cf696ebd49be429c8a6917e3be6596d852f6fca5e38f1a41da7932a58805f5bbf890a9848f38191212c324419c453c74e4a0765a34b27db

  • SSDEEP

    24576:n7FUDowAyrTVE3U5F/7OW7AmdQNxCzPktCJzO4PNQTQqeCR/7IXfETX:nBuZrEUGWxwoBO4PCsbsDoEj

Malware Config

Targets

    • Target

      free-alarm-clock-5.2-installer_2n-x4b2.exe

    • Size

      1.7MB

    • MD5

      5552181f905c874affb3c251067001e2

    • SHA1

      d4203fbda5da49b4ea470ebcbd464cc7f7985641

    • SHA256

      ca5f29cf7a96b1d85c923df3d56e5f35c6c298d4c977cf7c22989d27fac22c79

    • SHA512

      f7a4e3e1a748709f1cf696ebd49be429c8a6917e3be6596d852f6fca5e38f1a41da7932a58805f5bbf890a9848f38191212c324419c453c74e4a0765a34b27db

    • SSDEEP

      24576:n7FUDowAyrTVE3U5F/7OW7AmdQNxCzPktCJzO4PNQTQqeCR/7IXfETX:nBuZrEUGWxwoBO4PCsbsDoEj

    • Cobalt Strike reflective loader

      Detects the reflective loader used by Cobalt Strike.

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

    • Drops file in Drivers directory

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Downloads MZ/PE file

    • Modifies powershell logging option

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks