General

  • Target

    aerochat-setup.exe

  • Size

    28.5MB

  • Sample

    241109-m1yrsataph

  • MD5

    f8a347f76db3fb4d272d2e3a48248aa4

  • SHA1

    89256e855cdcf9a4d2deb73c0c7c1ccfcdd8a93d

  • SHA256

    885e6675e00a1718b789009c8f3699f4234b9af7f28a5773ef771f861d36da66

  • SHA512

    f1b467031681be1ea5627cc46969cb31622730c75e95e94f18ee74019bdd7960ce70c0128a150f9a4d65004e5306d310bdcc672a0066efc26d1c472a8c49c93d

  • SSDEEP

    786432:SGvipWnAiQK9q5trS8/4ahN3GAHyHwFwlr:xva6hU5JV4a31FAr

Score
7/10

Malware Config

Targets

    aerochat-setup.exe (same sample as above; signatures triggered:)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks