General

  • Target: GEN3i7iUpdatePackageV8.exe
  • Size: 130.0MB
  • Sample: 240603-k14xpaba33
  • MD5: d40d2db2fb0f836a494a5a1dd3fcc687
  • SHA1: 57fbb96d52dda7e1e34bffcda8ffaa5d8466448a
  • SHA256: 4cec01304868ca6c3c2011b93cb55810f6511b71a5ee52f4c8dc608f78e42067
  • SHA512: cd28c9ed9682e8d8fbfc30215eb4d9259d1258dbb552de55b49883f806968337e78386f6ec0c1725b161cbebea6889a31746fa2300397352f52f7d8588291f87
  • SSDEEP: 3145728:wsXWrBn5qDA8DHDSNCaP++Zqm87AjiDTPhlgiZOp++PvERLoY8r:7XWrBn5qBL8Ghm8xT/Z4nEFoBr

Malware Config

Targets

    • UAC bypass

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Enterprise v15

Tasks