General
- Target: openvpn-gateway-UDP4-1194-install-2.6.7-I001-amd64.exe
- Size: 3.8MB
- Sample: 240527-xwczmaef4s
- MD5: a617f8ca937f32a5c80a0c4155ac07f4
- SHA1: 558e6b064c7ad0f7e17a809d515a3a44c03f7a0c
- SHA256: cd0e975971e0ea173bf418c4cd55d1ef4469ba7e8e6028af90c5a0525287a0c7
- SHA512: ac54f56116c3eb55bfc6efb49dd4d32eada6b47a18e96b2a4133418f410cb3262413ae428abd27a15c4f74a93faf5f58c871a79f2e0520d217564d754d3db313
- SSDEEP: 98304:zgwRh318ag2jCSQiCx3L2vJbFkEDmfl764Q40YhVF6H:zgOS2jCSQ/J2ZFkEaELLYhj6H
Static task: static1

Behavioral task: behavioral1
- Sample: openvpn-gateway-UDP4-1194-install-2.6.7-I001-amd64.exe
- Resource: win7-20240508-en

Behavioral task: behavioral2
- Sample: openvpn-gateway-UDP4-1194-install-2.6.7-I001-amd64.exe
- Resource: win10v2004-20240508-en
Malware Config
(no configuration extracted)

Targets
- Target: openvpn-gateway-UDP4-1194-install-2.6.7-I001-amd64.exe
- Size: 3.8MB
- MD5: a617f8ca937f32a5c80a0c4155ac07f4
- SHA1: 558e6b064c7ad0f7e17a809d515a3a44c03f7a0c
- SHA256: cd0e975971e0ea173bf418c4cd55d1ef4469ba7e8e6028af90c5a0525287a0c7
- SHA512: ac54f56116c3eb55bfc6efb49dd4d32eada6b47a18e96b2a4133418f410cb3262413ae428abd27a15c4f74a93faf5f58c871a79f2e0520d217564d754d3db313
- SSDEEP: 98304:zgwRh318ag2jCSQiCx3L2vJbFkEDmfl764Q40YhVF6H:zgOS2jCSQ/J2ZFkEaELLYhj6H
Score: 8/10

Signatures
- Drops file in Drivers directory
- Manipulates Digital Signatures
  Attackers can apply techniques such as modifying the Authenticode and Cryptography registry keys so that their binary is treated as validly signed.
- Modifies Installed Components in the registry
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15

Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (2)

Defense Evasion
- Modify Registry (2)
- Subvert Trust Controls (1)
  - SIP and Trust Provider Hijacking (1)