General
-
Target
setupV4.5.zip
-
Size
17.8MB
-
Sample
240805-yd78gswepp
-
MD5
9e295b0faf3d94316585238d82b07a27
-
SHA1
2198ba31b4a24e21eeb8655698177843ab54f0bd
-
SHA256
a2339e7fffaf4adeb6e4c023467dc361c32b6e94347f4f03dad907ccd1ca5dd4
-
SHA512
47d399fe5be808b7cacd6b825891dc5c8831c77d82a5028b693830fb329984beee02ba515981e0b9e202e6cbd30240af80e713bd7cb0ea4f37679f114429f555
-
SSDEEP
393216:3huVy83D+nT+Z/XN5lb4ImK8nk9wBnNhVgg6dTR5+o7Sql7UJEuK:EVDmgX7RXl8ket/6bt7UJEuK
Malware Config
Targets
-
-
Target
SetupV4.5.exe
-
Size
59.8MB
-
MD5
122e5491ff7d692f2308b0f40e49e32a
-
SHA1
03c00f1e743584409024e64ed2f216bce5dc2153
-
SHA256
569668593ebaffc50c1bf819b3908416ab98959cfe3a5438d199360c172bd674
-
SHA512
5d3b627e6b9d2531ce557e6bcd14326219227fc3e6d05c3e085a63f8bb3e6fff3f4a7abfc424b3885811dee600992a3dc0e213ddd4650b9275a3d1709e5f9e2c
-
SSDEEP
196608:Yj1rr+exTfU3+e2J7crs+efUlT4E6RAEbIBOHtMxoXLaz5LbpGdYWtftJJoBOC2b:err+ceXiml9DoGqXLaz5XpGSWzoBw
Score8/10-
Downloads MZ/PE file
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
MITRE ATT&CK Enterprise v15
Persistence
Event Triggered Execution
2Component Object Model Hijacking
1Image File Execution Options Injection
1Privilege Escalation
Event Triggered Execution
2Component Object Model Hijacking
1Image File Execution Options Injection
1