General

  • Target: MinecraftInstaller.msi
  • Size: 2.1MB
  • Sample: 240617-rw77waybpj
  • MD5: 02d7f8e22149e154487f2fdddfcec8c5
  • SHA1: 390019b5f2c24f14dd398ab4ba8bef0183a923af
  • SHA256: d9618862a64da8a5c86f2c9cde65b48ab92ff8bbc14d5f3c7946539a44e2db17
  • SHA512: 140d1b9c320e29eca7e9ad2ed0c75004d2421f612a6cafb593d168856fa918ed7bc607ddcebc042a3a26a3e819785d9cea4ef1a298ad1f13dd4181c5b5b3e2cb
  • SSDEEP: 49152:Bc2RN7YlgV7/wvGlys8tHa09h8raJmnyroZuTb47M0W:Bcs8ADMsYHaZyeEoZAH

Targets

    • Target: MinecraftInstaller.msi

    • Blocklisted process makes network request
    • Downloads MZ/PE file
    • Drops desktop.ini file(s)
    • Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
    • Modifies Installed Components in the registry
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence.

MITRE ATT&CK Enterprise v15

Tasks