General
- Target: dotnet-sdk-8.0.403-win-x64.exe
- Size: 219.5MB
- Sample: 241020-se5wvswelq
- MD5: 9e625bd1dcdd6099ddbdfc59c19c5dc5
- SHA1: 43f2596ab5659c58c32441eb8fd7f02ab8aae865
- SHA256: 3af9fa47407984f82152fe37315797b90073021350ee6a06a3ca077bf5271aef
- SHA512: b4166cedeac4aa66e5201093b59ece18d9c3f9f037a4a1b9e3f90e866a921dc17edbc301c59ad17b7936f83aaf327a423b771127540521ffb475a8dece955adb
- SSDEEP: 3145728:ZqOGp8nPQG1QTgMSs/mdcGVulvIBawW2Tv4Tge6m6P3faoOoB3YOj/+Z+01qCFCD:8inPZkmdcGVvRW2s6m6/nYOiZ+oqRh
Behavioral task
- behavioral1
  - Sample: dotnet-sdk-8.0.403-win-x64.exe
  - Resource: win10v2004-20241007-en
Malware Config

Targets
- Target: dotnet-sdk-8.0.403-win-x64.exe
- Size: 219.5MB
- MD5 / SHA1 / SHA256 / SHA512 / SSDEEP: identical to the values listed under General above
Score: 8/10

- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
MITRE ATT&CK Enterprise v15
- Privilege Escalation
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)