General
-
Target
Retrac_Launcher_1.0.9_x64_en-US.msi
-
Size
6.6MB
-
Sample
240719-glr3ssyfpc
-
MD5
79a3ef34fb61355df68b7931c56f08f5
-
SHA1
f945151e501116aa5d2fbe3698cd55ff9b766691
-
SHA256
e54675fdcd9d66f78f122b7dd4b61f2acd77951dcdd32914af8ace2ff71fd18c
-
SHA512
72c0e71202b50874a6200953e20adcd4b5b0299921172ab1185565fe57490b0073789e1528ebf1de5a7f2922b49b21a2c360f5aaaa455596f2f4fecfbad52f57
-
SSDEEP
196608:llBaVrNSXtyiN2gU3HS5oWQWnXl2m/YXGz:4db32jBnV2m/z
Malware Config
Targets
-
-
Target
Retrac_Launcher_1.0.9_x64_en-US.msi
-
Size
6.6MB
-
MD5
79a3ef34fb61355df68b7931c56f08f5
-
SHA1
f945151e501116aa5d2fbe3698cd55ff9b766691
-
SHA256
e54675fdcd9d66f78f122b7dd4b61f2acd77951dcdd32914af8ace2ff71fd18c
-
SHA512
72c0e71202b50874a6200953e20adcd4b5b0299921172ab1185565fe57490b0073789e1528ebf1de5a7f2922b49b21a2c360f5aaaa455596f2f4fecfbad52f57
-
SSDEEP
196608:llBaVrNSXtyiN2gU3HS5oWQWnXl2m/YXGz:4db32jBnV2m/z
Score8/10-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Downloads MZ/PE file
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
MITRE ATT&CK Enterprise v15
Persistence
Event Triggered Execution
3Component Object Model Hijacking
1Image File Execution Options Injection
1Installer Packages
1Privilege Escalation
Event Triggered Execution
3Component Object Model Hijacking
1Image File Execution Options Injection
1Installer Packages
1