General

  • Target

    VoicemodSetup_2.6.0.7.exe

  • Size

    64.4MB

  • Sample

    240603-er56hacb79

  • MD5

    ac5c87490c1d1949dfe6f50ee007e6ea

  • SHA1

    ecca4b6ea32fa0af34b739a1c9e93cc400651091

  • SHA256

    7ff3b571ce5e9853333c9a1bda22070755c4ac579b9aa785e56db315e851e32d

  • SHA512

    6ad0c745b3e49eab9587b13135261be98a858d24f797a200217a3eadb65d8219ea51535cc64426187e8cbc9a030e3998011842c18d348037e6b2dc57f1efa24d

  • SSDEEP

    1572864:jSJjRAbmycmDxlBFllh8LRdKKPGleP6YDmq5glXg4Y:giyyXPrlhSdCQCYDVglw4Y

Malware Config

Targets

    • Target

      VoicemodSetup_2.6.0.7.exe

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell and hides the display window.

    • Drops file in Drivers directory

    • Adds Run key to start application

    • Downloads MZ/PE file

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks