General
- Target: PI-windows-x64-01.08.05.1353-20170809-t.exe
- Size: 233.6MB
- Sample: 241113-x33hvsxldx
- MD5: 5de647abf6535d1fafd642e1b5ecbc16
- SHA1: e6445186e23577797feaf5cec7ce289e82af74a9
- SHA256: f02cafb2bd8c744573f5c3d0b870bef6c3b633132c72809f8ca89fc7e205d0dc
- SHA512: cad798b3cfe14784c5e5d99b03fec4bddd3b27664d8a0b10c706c5e2608062e4ace960b4a8b6dc69df307f3b6e8595f6d5bd13525d13e064377eeb60a2c12713
- SSDEEP: 6291456:b7V7Ynk1babD8+AJbWhmdesQlCDLd+jcKm0Ab5f2f:b7VMisD8TJbwu+jcKhp
Static task: static1
Malware Config
Targets
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Blocklisted process makes network request
- Drops desktop.ini file(s)
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Defense Evasion
- Hide Artifacts (1): Hidden Files and Directories (1)
- Modify Registry (1)
- Subvert Trust Controls (1): Install Root Certificate (1)
Credential Access
- Credentials from Password Stores (1): Credentials from Web Browsers (1)
- Unsecured Credentials (1): Credentials In Files (1)