General

  • Target

    比特浏览器 Setup 5.0.3.exe

  • Size

    256.8MB

  • Sample

    240622-m4qwcavfpc

  • MD5

    db41201f55095d5fab96fec17c771fd0

  • SHA1

    370bfdf269e0ab19a7d213a91dedd1c25457aa3f

  • SHA256

    757be90d24d8716d45d5df8d0aa088a7dbd8a3c6710aeefc7926d3e5d7546c62

  • SHA512

    b0d9310a9fb2cd3a8b3299d78e997e4bc377550aa74e66f66ac3edae05cf3b48f0699c934867bc239575079a3042b0303ccfc877ac675343c2216ce3f6a3d026

  • SSDEEP

    6291456:u7xkMEn2OL9ycRx5ZjiRGughgKGq7URf3s8ca0C:znhMcP5ZjiFir7URxcar

Malware Config

Targets

    • Target

      比特浏览器 Setup 5.0.3.exe

    Score
    9/10
    • Renames multiple (228) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v13)

Each entry lists the technique, its ATT&CK ID, and the number of matching signatures.

  • Execution

    • Command and Scripting Interpreter (T1059): 1

  • Defense Evasion

    • Subvert Trust Controls (T1553): 1

    • Install Root Certificate (T1553.004): 1

    • Modify Registry (T1112): 1

  • Discovery

    • Query Registry (T1012): 2

    • System Information Discovery (T1082): 3

    • Process Discovery (T1057): 1

Tasks