General

  • Target: 美图安装.zip

  • Size: 22.2MB

  • Sample: 241021-jpeb8avhrd

  • MD5: 60f81c7b440516d6f7c762c30d473f81

  • SHA1: f8b60ac0c78e1f18f0fea49346928ad87d4f8a54

  • SHA256: 818612ad921f29771f21ec6b130a0ec8919619b2d2c473cf39d99fae111650bd

  • SHA512: 2b55a448d1155db9cf9621298bde996a294dd04f5fb19cd505900c0deef394cacece3f24ccfd53a021c57c805144a856d171c9f3a717c2925faefafeb517df9c

  • SSDEEP: 393216:CI49Z82aC0ph4czKHHCFhjwBiuwn/6XPDd2Zrkzg+utBjojv9ffMzB4/bRT6Bdbf:CI4n82TGhxuCPwBlQSEySK9fjkrT

Malware Config

Targets

    • Target: 美图安装.msi

    • Size: 23.2MB

    • MD5: e09431c66ea04e55ed254f5ef5ed1441

    • SHA1: 8191debec0a7d2f73493f4a5646f880e259c1b59

    • SHA256: 4a074173f939b088bd475bd1ceac4a6762e90dfff2dacc5708fc19d27c1d004c

    • SHA512: 48d890e5de1d9e4c2b6d5d291757979defe93881ea438313da93741dbb6b1a0cf5f51c0aed98293aa0a9fc82ca8bf06de2954ca7a989e860f9648261fee66c53

    • SSDEEP: 393216:+6sqetJAup5QGgVetVEpjNExoYUx9izpHBMb3QDosQFHDoF1BhfM3xgPbfEbXPpO:AqetJHTQLUYjExfoQC0G8BhjKp

    • Adds Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Drops file in System32 directory

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks