General

  • Target

    HuionFirmwareInstall_2.0.1.7.exe

  • Size

    29.8MB

  • Sample

    240723-zpmxcsxhmp

  • MD5

    c8dc9c3053343df46f286c5bf63cb13f

  • SHA1

    ad9796bfb147f79ce82194e77acc2b1eb25007c8

  • SHA256

    0eac136e846ea65add35d4976a457ee901d23801e473225d030f2356576ac959

  • SHA512

    3c9a7774de3b135dcd8f0b8d91bfaf70df20308248609abb57490a2bcd926583adbb52006ac21caffcece7b745d63077c22b4779ff998db5e0f72f9f7e82fd39

  • SSDEEP

    786432:pa1dVdldvz3QfqfofeWwMEx3f3JVDFf3sURHdfx:pCP/9zAfqfofbAPJf3sUR9f

Score
8/10

Malware Config

Targets

    • Target

      HuionFirmwareInstall_2.0.1.7.exe

    Score
    8/10
    • Manipulates Digital Signatures

      Attackers can use techniques such as modifying the Authenticode and Cryptography registry keys so that their binary is treated as validly signed.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks