General

  • Target

    openvpn-gateway-UDP4-1194-install-2.6.7-I001-amd64.exe

  • Size

    3.8MB

  • Sample

    240527-xwczmaef4s

  • MD5

    a617f8ca937f32a5c80a0c4155ac07f4

  • SHA1

    558e6b064c7ad0f7e17a809d515a3a44c03f7a0c

  • SHA256

    cd0e975971e0ea173bf418c4cd55d1ef4469ba7e8e6028af90c5a0525287a0c7

  • SHA512

    ac54f56116c3eb55bfc6efb49dd4d32eada6b47a18e96b2a4133418f410cb3262413ae428abd27a15c4f74a93faf5f58c871a79f2e0520d217564d754d3db313

  • SSDEEP

    98304:zgwRh318ag2jCSQiCx3L2vJbFkEDmfl764Q40YhVF6H:zgOS2jCSQ/J2ZFkEaELLYhj6H

Score
8/10

Malware Config

Targets

    • Target

      openvpn-gateway-UDP4-1194-install-2.6.7-I001-amd64.exe

    • Drops file in Drivers directory

    • Manipulates Digital Signatures

      Attackers can apply techniques such as changing the Authenticode and cryptography registry keys so that their binary is treated as validly signed.

    • Modifies Installed Components in the registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks