c5fd5691f4eec136f0bdbfbc3f84c0f70cb0b39d03ea4402eace25b90a699c82 | Triage

Sharing

General

Target

potato-launcher.Setup.2.2.6.exe
Size

60.2MB
Sample

240907-rv6mnaycpp
MD5

5344ce3654bd1db264e8cc5d75a62b59
SHA1

817854ce44c8b3c5cc6854e7324f904f9f18d900
SHA256

c5fd5691f4eec136f0bdbfbc3f84c0f70cb0b39d03ea4402eace25b90a699c82
SHA512

d95874fe444133001a00738d79ce95e5486e7a215ddee25cb497d71ea2989319011734d5f0b8c2f921adf99aa93fc02131b9bb5f44844c36c24ff3cf3e6df86c
SSDEEP

1572864:Ng0PJY8xZrIfDg7IksBLC958fhXdfbH5C:Ng0PJYuZkf37FCUdtVC

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  potato-launcher.Setup.2.2.6.exe
- Size
  
  60.2MB
- MD5
  
  5344ce3654bd1db264e8cc5d75a62b59
- SHA1
  
  817854ce44c8b3c5cc6854e7324f904f9f18d900
- SHA256
  
  c5fd5691f4eec136f0bdbfbc3f84c0f70cb0b39d03ea4402eace25b90a699c82
- SHA512
  
  d95874fe444133001a00738d79ce95e5486e7a215ddee25cb497d71ea2989319011734d5f0b8c2f921adf99aa93fc02131b9bb5f44844c36c24ff3cf3e6df86c
- SSDEEP
  
  1572864:Ng0PJY8xZrIfDg7IksBLC958fhXdfbH5C:Ng0PJYuZkf37FCUdtVC
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/SpiderBanner.dll
- Size
  
  9KB
- MD5
  
  17309e33b596ba3a5693b4d3e85cf8d7
- SHA1
  
  7d361836cf53df42021c7f2b148aec9458818c01
- SHA256
  
  996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
- SHA512
  
  1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298
- SSDEEP
  
  192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/app-64.7z
- Size
  
  59.6MB
- MD5
  
  366c753f1125dba8d9e514ba713e878a
- SHA1
  
  bd2bce15f66598234a31d170c06fcd0696b129a8
- SHA256
  
  9601038fae36e6734c75ee9a2d5de0198540fb301364224456b272820bcb5883
- SHA512
  
  fb4746bb4a7243d1b17445bd5c5ff4c08b4b6ce7d451c147994c1c6e2a3a656f737e8c9f6f689ab8c9743a9cff0c456429d34654c74ce1460e7cf2148dfdc2cd
- SSDEEP
  
  786432:R10nP3mAz9MPi5pxJfkuS7ijEWCYYjZjW7I1aJ8BUqWQCz1nkZXYn8fhXICdfXrH:L0PJY8xZrIfDg7IksBLC958fhXdfbH5R
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  LICENSE.electron.txt
- Size
  
  1KB
- MD5
  
  45574510c534a8195f53b30e3810239e
- SHA1
  
  10bfa95a2f25df14dfe6a55a9e73d9fa5becdb60
- SHA256
  
  c44607a865e7a6db05552baa0ef71f9887d96acd00d123854b44996bc27c0e33
- SHA512
  
  b59d4c8e07748b68da51b2163a2ebafd51cdc546a1776a1105c19f6727dad697692d4fcb137578bb43dc615342a08c2e9e103384b80fc81c3c669aecc9c443c8
Score

1^/10
behavioral13 behavioral14
- Target
  
  chrome_100_percent.pak
- Size
  
  123KB
- MD5
  
  a59ea69d64bf4f748401dc5a46a65854
- SHA1
  
  111c4cc792991faf947a33386a5862e3205b0cff
- SHA256
  
  f1a935db8236203cbc1dcbb9672d98e0bd2fa514429a3f2f82a26e0eb23a4ff9
- SHA512
  
  12a1d953df00b6464ecc132a6e5b9ec3b301c7b3cefe12cbcad27a496d2d218f89e2087dd01d293d37f29391937fcbad937f7d5cf2a6f303539883e2afe3dacd
- SSDEEP
  
  3072:YerKzw9bpxlr+bEfF2DGb0+VvfGGY304F2DExm/KLQ2I:YeKzw9Vh90Gb0OveGe04mExhLY
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  chrome_200_percent.pak
- Size
  
  183KB
- MD5
  
  1985b8fc603db4d83df72cfaeeac7c50
- SHA1
  
  5b02363de1c193827062bfa628261b1ec16bd8cf
- SHA256
  
  7f9ded50d81c50f9c6ed89591fa621fabbd45cef150c8aabcceb3b7a9de5603b
- SHA512
  
  27e90dd18cbce0e27c70b395895ef60a8d2f2f3c3f2ca38f48b7ecf6b0d5e6fefbe88df7e7c98224222b34ff0fbd60268fdec17440f1055535a79002044c955b
- SSDEEP
  
  3072:yDfDQYaEM+9bslr+bEfEfRIGMR+F8fQnYw9pGbXGYoDd+qHqRxmeK/rIM0:6DQYaF+9bMhCWGMRe8InVXYopym74
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  icudtl.dat
- Size
  
  9.9MB
- MD5
  
  70499b58dc18e7ee1d7452a1d7a8bc6e
- SHA1
  
  41c5382f08c6a88670ce73a20c0dcdb3822f19e9
- SHA256
  
  02db39ba465fc8b7a4cd280732760f29911edde87b331bf7cea7677e94d483e0
- SHA512
  
  a80939e9809bb7d20f00ad685c94d5c182fa729616c975e605abf09afb58376be73a49fefa35b75ed1a284eccf208af7656c8df44c5959df7eaf51367d232dc6
- SSDEEP
  
  196608:uUGwSv9AAQnt6liXUxR0rHa93WhlU6t7CLhl:uoKlQnAliXUxR0rHa93WhlU6t+Ln
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  locales/am.pak
- Size
  
  145KB
- MD5
  
  4e7db89a9f5c07a295de43b745e5658b
- SHA1
  
  3f24cbc02d130ed156f1b4c57dc951a9238dc8ef
- SHA256
  
  4c0b4273dc4103c666ff01ed8b9db995f68c5c178973465bb25cd5cdf99ef01a
- SHA512
  
  c4117d50e2b966345ff86aade385552915ba41bb176fcdcd402fb54949377f00d17eea384ec90df2e3db92354198ce600131b7609eedf108f7b919d5ba330611
- SSDEEP
  
  3072:Mw1jZA/92t7Rh4rgEkDvuHqOVoZL5kiIEG/yZJjhSQVNLWGe/oqM0bvuo00kef9m:716eGurQfZx30jH8+x
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  locales/ar.pak
- Size
  
  148KB
- MD5
  
  70bb1c831327b26e4dd74097f59a55b0
- SHA1
  
  46cf431d19bff9646ae6c6fd0c57e25664178d14
- SHA256
  
  776db47dd91bce8bc813a54a815be3e73b6e58e9fe5f24db7bf0d8c06a240f6a
- SHA512
  
  8f78d18e15ee86b801cb49ee4ee7f5dc06f9730181b849ede944c5d922f7c7ab5814d7879399a712e8bb56b1878011552b6a667a6b8dccef6c6be3f236c3f44a
- SSDEEP
  
  3072:qjf5HjSNsZaJBWGxyxMtxHSM2uZtE9yDSZ1B/G29KSI1+CsI1IiH2L2p:BNsRFoyCsI1Zd
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  locales/bg.pak
- Size
  
  158KB
- MD5
  
  21f9a804fc3dc8f0f5cee065c1ef44e6
- SHA1
  
  a6b998de9fc5c63c9c72622f87ee2967b6828d45
- SHA256
  
  6c62771c4673320b40e6c73b3a6a7fdf441e94e1866021b9f253c93d419fab8a
- SHA512
  
  a589994858a0f8024ceccc9d70492982323e444b4174bc2986ba1d4ded941e895e7f2467c3c5dafb06d90a315114bec923dd0f4f5a5da97485ffa550e051e393
- SSDEEP
  
  3072:SqL3PSFq84yyj4nqoFrqjnfuIOQ3RZzrzCLy8Asg7aUvNgT72e++sUVxW:BPaT+4ndsZzrmLy8ADBNW72e++sUVxW
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  locales/bn.pak
- Size
  
  208KB
- MD5
  
  138a560f045e2f0f20a093b254cc2a86
- SHA1
  
  c77113884c5533d822505de074bbb67524a28cb7
- SHA256
  
  2fa9fa7d2a69818846ff28e05f0f48817a7cd1c608315ac84e4ef3ca43f70ca4
- SHA512
  
  765f7535d7f12498e8145c3e1c816f91371dd86b90e53e69d8e622f6c8ea95c751117ff128ff6949db07f93c76d5877bdea2bc8e5029e8b8a5c228146fa4bd3e
- SSDEEP
  
  1536:zVy2jV+kSYhZp2I3CDzr18JMgeCJvvmvKhqqJmY:BnckSMO0r
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  locales/ca.pak
- Size
  
  101KB
- MD5
  
  5722ad401412745df990eb664554a916
- SHA1
  
  1a2d3a778182c38ef0763866b23e1395689b8e40
- SHA256
  
  93f1feadeb46fc05aa43d8f1b0368e5c57a3eec334187a96a730d7958c6fa9cd
- SHA512
  
  33ff128b6477da4249db01fcf932c4c0fb4de9ae25d9644a79736e44013d3ae8b20553794ad20be910a6e51077e49301861c9a6de46b78e4cdbfbb4e897f25bc
- SSDEEP
  
  3072:5BPsDbcgrI540ZL8lK+O5ajagEScU5hh8XK710bzRh4Rp9nAkpxlCFtdRP3BCill:5WbcgxO5aFEScU5hh8XK50naDnAkpxlu
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  locales/cs.pak
- Size
  
  103KB
- MD5
  
  6817671b166242686c18b0d17dc15a80
- SHA1
  
  cb2b238fa29cc6d8e6abe5f036d0d00b8009b571
- SHA256
  
  0c554977f587f1910ab077d99b97f5011f5c466f0b6d86df08f9a4c7c940d99f
- SHA512
  
  508c1207fdbd5752ab95041900c4b453dadeaa58e17feb5c86e911c75b4703050db8fb801aba3aca74f4daca52d94240e5e5c99b1f267e2dcaf521f8be19cc24
- SSDEEP
  
  1536:ajgv5LSPwmjLVAM1g33zxjGlXq/dheR1PC8QUQdbiE:ajnIQ0Gl6/PeC8QUQdbd
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32