General

Target: Installer.exe
Size: 379KB
Sample: 241112-vr22vaxdkn
MD5: e510cece47d51be80dacd878aa1da948
SHA1: 68f17bf7d4d1373f33c5feb775cc5de39f9b6b39
SHA256: 079687c4e1302522259c693fcd905bfcd9dfac0aa763bbc7cf22e89b732d8690
SHA512: 8c7cf0f1682e06c8938fb84fe2d6749acc8a045ddc716c99431d9f89215dc6fc9c959f582417e91dc4a870687d8a6ba5a5098ba959bdf91a0e8dc39492a69f74
SSDEEP: 6144:Fc8q8lBmdvjnKjBvrAU7ELe6VlWT8b9DFBUVFdl6grp1baMdt:FVqaBmYFvkLPVle8NFuBA
Static task: static1
Behavioral task: behavioral1
  Sample: Installer.exe
  Resource: win10v2004-20241007-en
Malware Config
Targets

Target: Installer.exe
Size: 379KB
MD5: e510cece47d51be80dacd878aa1da948
SHA1: 68f17bf7d4d1373f33c5feb775cc5de39f9b6b39
SHA256: 079687c4e1302522259c693fcd905bfcd9dfac0aa763bbc7cf22e89b732d8690
SHA512: 8c7cf0f1682e06c8938fb84fe2d6749acc8a045ddc716c99431d9f89215dc6fc9c959f582417e91dc4a870687d8a6ba5a5098ba959bdf91a0e8dc39492a69f74
SSDEEP: 6144:Fc8q8lBmdvjnKjBvrAU7ELe6VlWT8b9DFBUVFdl6grp1baMdt:FVqaBmYFvkLPVle8NFuBA
Signatures (behavioral1)

Modifies WinLogon for persistence
  A sample doing this alters values under the Winlogon registry key (such as Userinit or Shell) that winlogon.exe launches at every interactive logon, so the payload survives a reboot. Mapped to Winlogon Helper DLL (T1547.004) in the matrix below.

Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes. A DLL listed in AppInit_DLLs is mapped into every process that loads user32.dll, but only while LoadAppInit_DLLs is set to 1 (T1546.010).

Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence: samples that do this read the user's GeoID from the Control Panel\International\Geo key and exit on locales they want to avoid.

Credentials from Password Stores: Windows Credential Manager
  Suspicious access to Credentials History, the per-user DPAPI credential history file (CREDHIST) under %APPDATA%\Microsoft\Protect, which is a usual precursor to decrypting saved credentials (T1555.004).

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application
  Writes a value under a Run key so the application is started at logon (Registry Run Keys / Startup Folder, T1547.001).
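Host-side check for the persistence and geofence behaviours listed above, added here as an example and not part of the Triage report or of the sample: a read-only PowerShell script that inspects the Winlogon Userinit/Shell values, AppInit_DLLs together with its LoadAppInit_DLLs switch, the machine and per-user Run/RunOnce keys, and the GeoID under Control Panel\International\Geo, and prints what deviates from a stock Windows 10 install. The "stock" Winlogon values and the user-writable-path heuristic are assumptions for a standard Windows 10 image; adjust them for your own build.

```powershell
# Added host-triage script, not from the Triage report or the sample.
# Reads the autostart locations the report's persistence signatures refer to
# and the registry value a geofence check reads, and lists what deviates from
# a stock Windows 10 install. Read-only. Run elevated so other users' Run keys
# under HKEY_USERS are visible; HKLM and the current user's hive need no elevation.
# ASSUMPTIONS: the "stock" Winlogon values and the user-writable-path regex below
# are defaults for a standard Windows 10 image; adjust for your own build.

$findings = New-Object 'System.Collections.Generic.List[object]'

function Add-Finding {
    param([string]$Technique, [string]$Location, [string]$Value, [string]$Note)
    $findings.Add([pscustomobject]@{ Technique = $Technique; Location = $Location; Value = $Value; Note = $Note })
}

# 1. Winlogon helper values (Winlogon Helper DLL, T1547.004). Userinit and Shell are
#    launched by winlogon.exe at every interactive logon; a sample persisting here
#    appends its own path to (or replaces) one of them.
$winlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$stock = @{ Userinit = "$env:SystemRoot\system32\userinit.exe,"; Shell = 'explorer.exe' }   # assumed defaults
$wl = Get-ItemProperty -Path $winlogonKey
foreach ($name in $stock.Keys) {
    $val = [string]$wl.$name
    if ($val -and $val -ne $stock[$name]) {
        Add-Finding 'Winlogon Helper DLL' "$winlogonKey\$name" $val "stock value is '$($stock[$name])'"
    }
}

# 2. AppInit_DLLs (T1546.010). Every DLL listed here is mapped into each process that
#    loads user32.dll, but only while LoadAppInit_DLLs is 1; with Secure Boot on,
#    unsigned DLLs are refused unless RequireSignedAppInit_DLLs is 0. Check both views.
$appInitKeys = @('HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows')
foreach ($key in $appInitKeys) {
    if (-not (Test-Path $key)) { continue }
    $p = Get-ItemProperty -Path $key
    if ($p.AppInit_DLLs) {
        $state = if ($p.LoadAppInit_DLLs -eq 1) { 'LoadAppInit_DLLs=1, active' } else { 'LoadAppInit_DLLs not 1, inert until enabled' }
        Add-Finding 'AppInit DLLs' "$key\AppInit_DLLs" ([string]$p.AppInit_DLLs) $state
    }
}

# 3. Run/RunOnce keys (T1547.001) for the machine and every loaded user hive.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}
$runKeys = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
             'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run')
foreach ($sid in Get-ChildItem 'HKU:\' | Where-Object { $_.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$' }) {
    $runKeys += "HKU:\$($sid.PSChildName)\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
    $runKeys += "HKU:\$($sid.PSChildName)\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"
}
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($providerProps -contains $prop.Name) { continue }   # skip provider metadata, keep real values
        $cmd = [string]$prop.Value
        # Dropped payloads are usually launched from user-writable directories (heuristic, assumed).
        $note = if ($cmd -match '\\(AppData|Temp|ProgramData|Public|Downloads)\\') { 'launches from user-writable path' } else { '' }
        Add-Finding 'Registry Run Keys' "$key\$($prop.Name)" $cmd $note
    }
}

# 4. The GeoID a geofenced sample reads before deciding whether to run (informational).
$geo = Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue
if ($geo -and $geo.Nation) {
    Add-Finding 'Checks computer location settings' 'HKCU:\Control Panel\International\Geo\Nation' ([string]$geo.Nation) 'GeoID (country code) visible to the sample'
}

$findings | Sort-Object Technique | Format-Table -AutoSize -Wrap
```

Every Run-key value is reported, not only the flagged ones, because a legitimate-looking vendor name pointing into AppData or Temp is exactly what a dropped installer looks like; the "user-writable path" note is only a sort aid. A non-empty AppInit_DLLs value with LoadAppInit_DLLs left at 0 is still worth recording: it is one registry write away from being active.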
MITRE ATT&CK Enterprise v15
(the number after each technique is the count of signatures mapped to it)

Persistence
  Boot or Logon Autostart Execution (T1547): 2
    Registry Run Keys / Startup Folder (T1547.001): 1
    Winlogon Helper DLL (T1547.004): 1
  Event Triggered Execution (T1546): 1
    AppInit DLLs (T1546.010): 1
  Scheduled Task/Job (T1053): 1
    Scheduled Task (T1053.005): 1

Privilege Escalation
  Boot or Logon Autostart Execution (T1547): 2
    Registry Run Keys / Startup Folder (T1547.001): 1
    Winlogon Helper DLL (T1547.004): 1
  Event Triggered Execution (T1546): 1
    AppInit DLLs (T1546.010): 1
  Scheduled Task/Job (T1053): 1
    Scheduled Task (T1053.005): 1

Credential Access
  Credentials from Password Stores (T1555): 2
    Credentials from Web Browsers (T1555.003): 1
    Windows Credential Manager (T1555.004): 1
  Unsecured Credentials (T1552): 1
    Credentials In Files (T1552.001): 1

Note that the signature summary above does not show the signatures behind the Scheduled Task, Credentials from Web Browsers and Credentials In Files rows; the matrix reflects the full report, the summary only part of it.