General
-
Target
GoogleEarthProSetup.exe
-
Size
1.3MB
-
Sample
240905-xxa7esxepl
-
MD5
6b27e0995ef218b1a01c2d47781a5b7d
-
SHA1
fe063ab19d14651865b3f9d70b7023fdb2ae66bf
-
SHA256
5f11f6fc533b0b9a6a632633a440129cc496bba39aaaa0ae65a29dfabb08664c
-
SHA512
a06ca1fdc4a0155d26513e9ee903d60b322c25f55ebd77f45196ec8bdbe39b713e4a67ba96e14b93e3b0f3dee91b8611f4371af879a4b13cc5dcee16a6a08c18
-
SSDEEP
24576:PJvKzcVkyEq9DRho1jFP8ltPP01Ws7+wFPEl9ix4fpUzoQDt+egElxdqFWVCGC:FKzcCyEq9DRho/ctH01Ws74rA4RUBDHo
Malware Config
Targets
-
-
Target
GoogleEarthProSetup.exe
-
Size
1.3MB
-
MD5
6b27e0995ef218b1a01c2d47781a5b7d
-
SHA1
fe063ab19d14651865b3f9d70b7023fdb2ae66bf
-
SHA256
5f11f6fc533b0b9a6a632633a440129cc496bba39aaaa0ae65a29dfabb08664c
-
SHA512
a06ca1fdc4a0155d26513e9ee903d60b322c25f55ebd77f45196ec8bdbe39b713e4a67ba96e14b93e3b0f3dee91b8611f4371af879a4b13cc5dcee16a6a08c18
-
SSDEEP
24576:PJvKzcVkyEq9DRho1jFP8ltPP01Ws7+wFPEl9ix4fpUzoQDt+egElxdqFWVCGC:FKzcCyEq9DRho/ctH01Ws74rA4RUBDHo
Score6/10-
Blocklisted process makes network request
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
MITRE ATT&CK Enterprise v15
Persistence
Event Triggered Execution
2Component Object Model Hijacking
1Image File Execution Options Injection
1Privilege Escalation
Event Triggered Execution
2Component Object Model Hijacking
1Image File Execution Options Injection
1