c308abf55d4cf7c35317787d6c32f659d7c851aadec8c309c4b72f668d7f257f

Sharing

Copy URL Twitter E-mail

General

Target

EdgeUpdate.zip
Size

76.6MB
Sample

240825-ycyyessfqp
MD5

24699551fa53e4575125d6e512cf8470
SHA1

d829b1b124e8dca34e281afbf6b7ae70c6884607
SHA256

c308abf55d4cf7c35317787d6c32f659d7c851aadec8c309c4b72f668d7f257f
SHA512

21d36bc3141eee62b3a2c5a9e931f0d45447a4d1fef8baa28e26561b1a00038ce468b9127ccd82a18802f15e38b3d077eb3e1e461e395b2134c6cb8a43d21eb2
SSDEEP

1572864:hVeAAkiz1DeuPhmIfzmyjUhgedZRy2W1LHN/DPF0OeLbysFdwa1jer/lPmk2MwTp:EZeuPhmI7/kgew2W1rN7PL+mHukDw5JV

Score

6^/10

Malware Config

Targets

- Target
  
  EdgeUpdate/1.3.195.15/MicrosoftEdgeComRegisterShellARM64.exe
- Size
  
  182KB
- MD5
  
  b69894fc1c3f26c77b1826ef8b5a9fc5
- SHA1
  
  cff7b4299253beda53fb015408dd840db59901a1
- SHA256
  
  b91bad4c618eb6049b19364f62827470095e30519d07f4e0f2ccc387ddd5f1bf
- SHA512
  
  8361e97d84082f8e888262d0657bac47c152bd72f972628f446f58cbeacf37c05f484dce3fb0d38c4f0da2a2dcbb0813639d201d127ec7f072b942d43b216755
- SSDEEP
  
  3072:B8czHR6kl3VLgi6GMjVbQFUN+3i0rrkpSqN6RS:nHwkl3VLyGS5wSLFN9
Score

1^/10
behavioral1 behavioral2
- Target
  
  EdgeUpdate/1.3.195.15/MicrosoftEdgeUpdate.exe
- Size
  
  201KB
- MD5
  
  136e8226d68856da40a4f60e70581b72
- SHA1
  
  6c1a09e12e3e07740feef7b209f673b06542ab62
- SHA256
  
  b4b8a2f87ee9c5f731189fe9f622cb9cd18fa3d55b0e8e0ae3c3a44a0833709f
- SHA512
  
  9a0215830e3f3a97e8b2cdcf1b98053ce266f0c6cb537942aec1f40e22627b60cb5bb499faece768481c41f7d851fcd5e10baa9534df25c419664407c6e5a399
- SSDEEP
  
  3072:IHrfzY2c6X/YoW4l/DReos0gXf+EvC6C36eCWdMuoB+QSjh60WRt9faALV/nMiEF:mAel/DRfkTC3dM7B+GCyA
Score

6^/10

discovery evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  EdgeUpdate/1.3.195.15/MicrosoftEdgeUpdateBroker.exe
- Size
  
  98KB
- MD5
  
  31e1c773732a9cd1ab781205e39cf865
- SHA1
  
  606babeb51356f847344baff2de8225e927194b0
- SHA256
  
  3e90c66d0d00e294b9b51ec3ed7f846975d93736d424da3c253a2238e63cfb33
- SHA512
  
  1ef369022328cee44c3671a26b9534239389b3efd2fa45f73f7811829cbdd55b6dff421745efe957e38e6aa50bd8e63637e4c66cee4505391cd7af9e8cfa821d
- SSDEEP
  
  3072:VxUff8aohGme+YDfYz8FrRs684ePyoTB+Q3oAQCpM:DIkifYUGjTB+glQf
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  EdgeUpdate/1.3.195.15/MicrosoftEdgeUpdateComRegisterShell64.exe
- Size
  
  215KB
- MD5
  
  205590d4fb4b1914d2853ab7a9839ccf
- SHA1
  
  d9bbf8941df5993f72ffcf46beefcfcd88694ebd
- SHA256
  
  5f82471d58b6e700248d9602ce4a0a5cda4d2e2863ef1eb9fee4effcc07f3767
- SHA512
  
  bce1447d5d3210c22d52dec3b846db091b65ed03fd9d7cd11c6c4dbd2aa5a943d881360bc033c29abd61011581ff9354b35cbe421719d92568ed99997bfbbae8
- SSDEEP
  
  3072:RAIX8EhraApBWnQR7vBdZx/noJJwuZoY46OhMH3jCX7jB+M:RAUthraApBWQRztxPooh7t
Score

5^/10

persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral7 behavioral8
- Target
  
  EdgeUpdate/1.3.195.15/MicrosoftEdgeUpdateCore.exe
- Size
  
  261KB
- MD5
  
  b07ab49ee8453853021c7dac2b2131db
- SHA1
  
  e1d87d6a6e7503d0d2b288ea5f034fe2f346196a
- SHA256
  
  f8535d5d73ebebed15adc6ae2ced6bb4889aa23e6ffe55faeabd961bf77b05e4
- SHA512
  
  5eaae533fbe71430ae2a717f7668fd0a26ec37624e198a32f09bfdbee7e3b6e93d64e4fbb78cbdb05c4fe390a864490ea997d11849ecd371f5153bc8bfafccc3
- SSDEEP
  
  6144:3lUSzoSVslEktrv4V6n7GdVOLXEAOxRHXY8dh+Ly:HoSVslEktrv4VsLXEl3YMh+Ly
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  EdgeUpdate/1.3.195.15/MicrosoftEdgeUpdateOnDemand.exe
- Size
  
  98KB
- MD5
  
  d0373e02a529653013865e392c417471
- SHA1
  
  dc21627a0f3ce0c987b6bfcb4b3b4115f59a64fc
- SHA256
  
  d4cb47b4444be38bb6dcadc8bc9cacc029cb73a66bc7af152c1c4ca022446aa4
- SHA512
  
  03f2a494ef10e73bb3becdea8ebc29a42078f3bd1f0fffff099ed8801f6d00720486d94bd38d52e47f2d6ddf4c452cdae46c4882af3288924cc66d0130ac7922
- SSDEEP
  
  3072:/ZU+l/8xoAm2+YDfYz8GrRfaivDozB+Q3cZJk1:BZNr2fYLKzB+gww
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  EdgeUpdate/1.3.195.15/MicrosoftEdgeUpdateSetup.exe
- Size
  
  1.6MB
- MD5
  
  90decc230b529e4fd7e5fa709e575e76
- SHA1
  
  aa48b58cf2293dad5854431448385e583b53652c
- SHA256
  
  91f0deec7d7319e57477b74a7a5f4d17c15eb2924b53e05a5998d67ecc8201f2
- SHA512
  
  15c0c5ef077d5aca08c067afbc8865ad267abd7b82049655276724bce7f09c16f52d13d69d1449888d8075e13125ff8f880a0d92adc9b65a5171740a7c72df03
- SSDEEP
  
  49152:ciEa3J/lPA552bT8TCKpxVt2sl0TD5yncADYOS0jZ2/vgm9d3:cirIOoT9pnt9l45mcADRS0SRb3
Score

4^/10

discovery
behavioral13 behavioral14
- Target
  
  EdgeUpdate/1.3.195.15/msedgeupdate.dll
- Size
  
  2.1MB
- MD5
  
  5d89123f9b96098d8fad74108bdd5f7e
- SHA1
  
  6309551b9656527563d2b2f3c335fd6805da0501
- SHA256
  
  03c3c918886e58f096aa8e919b1e9f8dcd5a9f2a4765971049bf8da305476f44
- SHA512
  
  9d8190e5374cd1b4adbbfb87c27fa40d4de529d7c0a20654e0ce189a4cb9a53d3708c4ce657a7a5469b015df7efbbff495fc844579d9cd363b329b7e007e85c8
- SSDEEP
  
  49152:+vJhItDagEP76mClLngaLa7uclNX7VW2UECL7LaE9i+X:yhIt25P7ClL1uxW2N09i+X
Score

6^/10

discovery evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral15 behavioral16
- Target
  
  EdgeUpdate/1.3.195.15/msedgeupdateres_af.dll
- Size
  
  29KB
- MD5
  
  4f860d5995ab77e6efa8f589a758c6d2
- SHA1
  
  07536839ccfd3c654ec5dc2161020f729973196d
- SHA256
  
  9841d787142dd54fea6b033bd897f05f3e617b48b051de0ee3cf5865b3393150
- SHA512
  
  0b9a661b76360f1fb2eb3ee25c6bf2cbab7ec74e2363e0af321dc4d0afb3cad301dddd16ea367d588451a40a2c2ed41f21d7afae48307e1e4a4ec5b24165b378
- SSDEEP
  
  384:008NVFXh78oWm2IWNjrYiVDxlwC3W+45yEFHRN71HcTR9zUd26zFg:h2mW+4gEl18V9z4zz2
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  EdgeUpdate/1.3.195.15/msedgeupdateres_am.dll
- Size
  
  24KB
- MD5
  
  f624de37750fd191eb29d4de36818f8b
- SHA1
  
  b647dae9b9a3c673980afa651d73ce0a4985aae6
- SHA256
  
  e284453cd512e446fcbf9440013f8cb2348ffd6b1acec5366f2511cdf88b1794
- SHA512
  
  d1d65e29ed59e34d4ff66df11a2368f1a724730e32eb245022d4f3d1fadf16d445ba8532460afb0e6e91f8be60a7240d13577403193042d1e912a67e4bf23b1a
- SSDEEP
  
  384:/vrnQVFXh78oWm2IWL0Kl8js/q5yEFHRN7N2IR9zjDAd:nnCe8js/qgElsU9zHe
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  EdgeUpdate/1.3.195.15/msedgeupdateres_ar.dll
- Size
  
  26KB
- MD5
  
  5de3f4dabb5f033f24e29033142e7349
- SHA1
  
  5c446985de443501b545d75f6886a143c748b033
- SHA256
  
  2533d443b68c5288468b0b20cc3a70dc05f0498369d5321368a97dd5bf3268c8
- SHA512
  
  c96296e6f67edeff2be5dc03014a8eb65fc287fb899357d4608c36c07b4610827aa18cbec6ccd47b66230a12341af488aca8bd02632fa768f84ca7b1d9c9d065
- SSDEEP
  
  384:U1LPBb8oWm2IWwYwTPsQ8XvPG85yEFHRN7aa0bHR9z2v8:F2bQXvP3gEl10l9z1
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  EdgeUpdate/1.3.195.15/msedgeupdateres_as.dll
- Size
  
  29KB
- MD5
  
  1fb14c6c4fee7bfabe41badb7c5acff8
- SHA1
  
  953d94cd73951943db14c08cce37b2d3ac821b02
- SHA256
  
  cd32339fd7e4a5959e93eb5bfd6e009e4137e15c5e6c2e861d7891487216da49
- SHA512
  
  a93b081935fbe48fafa8071a9cd593ae7b19205c70eaf48c724397019a04161460c66d6d8c6ffd872f4d52a4a7aa25ba1cba04181b9ebaca04b76d111ea588d2
- SSDEEP
  
  768:sI3Z452DuUu3+F/D06DpJKIlHpOAjVXC4dC9zVj2k:FGAxC4dezF2k
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  EdgeUpdate/1.3.195.15/msedgeupdateres_az.dll
- Size
  
  29KB
- MD5
  
  d3345579310f3bd080b406de47b2305f
- SHA1
  
  16aefb27ea6d81c684f041aa50ebb49fdd403d83
- SHA256
  
  b4ea3c63fa0104093a2b2034f950428e66d2cf3d55f0fc5bd688483392d60d69
- SHA512
  
  65e4aa8587bc579b5109d91e02745f6de96a23b6ac2962cdeb6d9d536b51abab12b2bbaeca72572c3ae1971dac5bd24430eb2ae5ccf44a7068427594e4afdd7a
- SSDEEP
  
  768:lzIOFe5FEuo//rtkPFS5OrF9FTFYF+uiAdh9zB:lVFe5FEuobuFJrF9FTFYF6AdTzB
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  EdgeUpdate/1.3.195.15/msedgeupdateres_bg.dll
- Size
  
  29KB
- MD5
  
  ecf3405e9e712d685ef1e8a5377296ea
- SHA1
  
  9872cdf450adf4257d77282a39b75822ce1c8375
- SHA256
  
  e400415638a7b7dcc28b14a257a28e93e423c396e89a02cba51623fdfbdc6b0b
- SHA512
  
  37e5f1b3bdd97a4370718dc2a46d78ab5b66865d3cdb66a20a7dc20a9d423ccde954c08f97e574fbab24e8dfa905351cbfb94bd3e6692a9b6526097ea3dc911d
- SSDEEP
  
  384:OBJVFXh78oWm2IWvdsSCCdrwdPMQgv6Sf46i/NEHRN7RRxB+R9z7CuP3YX:1xdshCJCgCz6OARRxw9zDP38
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  EdgeUpdate/1.3.195.15/msedgeupdateres_bn-IN.dll
- Size
  
  29KB
- MD5
  
  051c429fa2beec9c2842c403a86c0e7b
- SHA1
  
  0a06a45200a1f5c81c48fbd2d03549fc9fac3a58
- SHA256
  
  1a8465922bbb05a97a24f6c2200fcc7afd8bd0ace245c2eda9d9d335d4fb9353
- SHA512
  
  bb59b41804328f27ba8861af32824266ca69ddcfdaaa11551b1edd4e129dbba630da8070abedb28e180045f8d0ddc1209cd901919f6b9aa421c457188af795c6
- SSDEEP
  
  768:7NvAGEtJtVWCZsnM9/r94amPdQ8JBlHAABIFT9zh0:7ZAGEbOSABITzG
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  EdgeUpdate/1.3.195.15/msedgeupdateres_bn.dll
- Size
  
  29KB
- MD5
  
  82711e45d2b0764997abc1e0678a73bb
- SHA1
  
  47908e8885c86477a6f52eea5fddb005ec5b3fa3
- SHA256
  
  2bb7455999b8f53a2a0834588ca4da4703f4da362a127d01cc6bd60ca0303799
- SHA512
  
  4b517796edc954ab7f5a26a5d6605925dc7e84b611bcf59352b3b95f719cedc72c77a465fb1e7bc2d2f422d596c97968dac5b57292c82967d5cfaff980128fc2
- SSDEEP
  
  768:vQvAGEtJtVWCZsnM9/r94amPdQ8JBlH9gElUEpw9zt:vwAGEbOfZUEp4zt
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks whether UAC is enabled

Checks computer location settings

Event Triggered Execution: Component Object Model Hijacking

Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32