General

  • Target

    RTC_Launcher.exe

  • Size

    1.3MB

  • Sample

    241031-bhjpcswcrn

  • MD5

    c8ffb248834afeabbcf835aa2bae314b

  • SHA1

    b79a409f7f65109f416b97047c60e14eac36774f

  • SHA256

    77625aec027ad9fa8ac5f01d8e98c27c3a1258dad1877b12208c4408dee441aa

  • SHA512

    e39f394804b25a604277df7f64e7d381a19049f8bbcabc7eddac220534dd505595bea39ccdc14d4499a150943256fbec928874a0ac77772b72dc731f21dfc544

  • SSDEEP

    24576:Bws9Pv8BGzuzkYTixI0INcOYUNfw+Jwz/S/6Z:BdVv8BGzKzUeGOYMw+W7SC

Malware Config

Targets

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks