General

  • Target

    Stardock.Start11-2.1.1.exe

  • Size

    37.3MB

  • Sample

    241109-xap23azdkf

  • MD5

    b617dd8088690776b9c64f0116abaace

  • SHA1

    0f50d5283bd6149e75c858466867bc7e40d18a53

  • SHA256

    fe562eeea788b89139a2ce10f0c358896877e590fac48efe11570d1334c13657

  • SHA512

    799288f9553cf43eff3256b7a70fdfbcf6a3406d8c8b873e5e2f5b3afb67be580fb66e6ef39c200de62b9965d2682bde1fb929901dbceb7f4d8d9ab4dfe05ca4

  • SSDEEP

    786432:zRqeOUUVoU4rIdIzqoELEEiCc1kV6bAw69N0J2iVCgN:tqeOUUGtIUq/o/CukVrw69NrixN

Targets

    • Target

      Stardock.Start11-2.1.1.exe

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with ACProtect software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX.

MITRE ATT&CK Enterprise v15