General
-
Target
MediBangPaintProSetup-29.1-64bit.exe
-
Size
41.9MB
-
Sample
240704-sfj1sazgpe
-
MD5
6d86a5cfa8fcc892f1acfd1a817d96d6
-
SHA1
5b2290f0b9b6208bac83527a566f959bb02e08b2
-
SHA256
551ea714f3c8fb3dfd394789616753066010d2b3491ea35da0bd3e78fcc25044
-
SHA512
4127897b884e981199c0eca3b5263c2555222eaa71ff9dc9bb4348a56f996bea30faf2d93ca61d7d50c203b44cd3f0df79df8762fd8ef42594de68bc9e1c46ff
-
SSDEEP
786432:Xi9PIbkbF5HYhZzR5IODUnaYsIyGdIg8mk6i+36BrQvbE715LALWrK70:XaPI4BNsd5TYna3FhmkwAr+bEJ5I/70
Malware Config
Targets
-
-
Target
MediBangPaintProSetup-29.1-64bit.exe
-
Size
41.9MB
-
MD5
6d86a5cfa8fcc892f1acfd1a817d96d6
-
SHA1
5b2290f0b9b6208bac83527a566f959bb02e08b2
-
SHA256
551ea714f3c8fb3dfd394789616753066010d2b3491ea35da0bd3e78fcc25044
-
SHA512
4127897b884e981199c0eca3b5263c2555222eaa71ff9dc9bb4348a56f996bea30faf2d93ca61d7d50c203b44cd3f0df79df8762fd8ef42594de68bc9e1c46ff
-
SSDEEP
786432:Xi9PIbkbF5HYhZzR5IODUnaYsIyGdIg8mk6i+36BrQvbE715LALWrK70:XaPI4BNsd5TYna3FhmkwAr+bEJ5I/70
Score8/10-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Component Object Model Hijacking
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Component Object Model Hijacking
1Defense Evasion
Modify Registry
3Subvert Trust Controls
1Install Root Certificate
1