General

- Target: K-Lite_Codec_Pack_1865_Mega.exe
- Size: 63.2MB
- Sample: 241117-rfh8ta1kbz
- MD5: fa8610aa129403c358d9682e8fee3795
- SHA1: 3b681133c09e66b7245d1285278311e714d8e504
- SHA256: 566093be23f590310ff2c10df3cd30e5e5446d721efb3db6f2cf424207cf2bba
- SHA512: 07f26e4aa40b4abf6a90765774a9dc5c9c9740059645419f4ef850fb82d7a8b349ea160529712ce506541aef7b52a6c42a4492b028b2abfae3853aac312ee698
- SSDEEP: 1572864:UguLeu8z2HiJfNevmYem9VXlPO0/0OIXWvHsHyMIF:Ug9z2HiJfUOY7LV/0UvGIF
- Static task: static1
- Behavioral task: behavioral1, sample K-Lite_Codec_Pack_1865_Mega.exe, resource win7-20240903-en
- Behavioral task: behavioral2, sample K-Lite_Codec_Pack_1865_Mega.exe, resource win10v2004-20241007-en
Malware Config
Targets

- Target: K-Lite_Codec_Pack_1865_Mega.exe, 63.2MB (MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- Downloads MZ/PE file
- Checks computer location settings. Looks up the country code configured in the registry, likely a geofence check.
- Event Triggered Execution: Component Object Model Hijacking. Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Executes dropped EXE
- Identifies Wine through registry keys. Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Checks installed software on the system. Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service. Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
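The registry-backed signatures above (location check, Wine check, Uninstall-key enumeration, COM hijacking) can be re-derived from a registry event trace. The following Python is an example added to this report, not tooling from the sandbox vendor. The key paths are the conventional locations for each check, since the report does not list which keys the sample touched, and the event lines are constructed rather than taken from the run. A codec pack installer legitimately registers DirectShow filters, which are in-process COM servers, so a CLSID write by itself is weak evidence; the example reports a hijack only when a user-hive (HKCU) server entry shadows a GUID that is already registered machine-wide, which is the pattern that matters for persistence.

```python
import re
from collections import defaultdict

# Key paths assumed to underlie each report signature (conventional locations;
# the report does not name the exact keys the sample touched).
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
WINE_KEY_RE = re.compile(r"^HK(?:CU|LM)\\Software\\Wine(?:\\|$)", re.I)
UNINSTALL_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(?:\\|$)", re.I)
# A CLSID server entry under the user hive takes precedence over HKLM in the
# merged HKCR view, which is the COM hijacking primitive (T1546.015).
USER_CLSID_RE = re.compile(
    r"^HKCU\\Software\\Classes\\CLSID\\"
    r"(\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\})"
    r"\\(?:InprocServer32|LocalServer32|TreatAs)$", re.I)

# Constructed trace in a simplified 'process|operation|key|data' form; these
# lines are illustrative and are not events from the sandbox run.
SAMPLE_EVENTS = [
    r"setup.exe|QueryValue|HKCU\Control Panel\International\Geo\Nation|",
    r"setup.exe|QueryKey|HKCU\Software\Wine|",
    r"setup.exe|EnumKey|HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall|",
    # machine-wide filter registration, as a codec installer would do
    r"setup.exe|SetValue|HKLM\Software\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32|C:\Windows\System32\filter.ax",
    # user-hive entry for the same GUID: shadows the HKLM server
    r"setup.exe|SetValue|HKCU\Software\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32|C:\Users\u\AppData\Roaming\shim.dll",
    # user-hive entry for a GUID nobody else registers: not a hijack
    r"setup.exe|SetValue|HKCU\Software\Classes\CLSID\{aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}\InprocServer32|C:\Users\u\AppData\Local\own.dll",
]
# GUIDs already registered under HKLM\Software\Classes\CLSID on the host
# (constructed; in practice collect these from the clean baseline image).
MACHINE_CLSIDS = {"{11111111-2222-3333-4444-555555555555}"}


def parse_event(line):
    """Split 'process|operation|key|data'; data may be empty."""
    process, op, key, data = line.split("|", 3)
    return {"process": process, "op": op, "key": key, "data": data}


def classify(lines, machine_clsids):
    """Map report signature names to the events that trigger them.

    machine_clsids is the set of GUIDs registered under HKLM on the host:
    a user-hive server entry for one of those is reported as com_hijack,
    any other user-hive CLSID write only as user_com_registration.
    """
    known = {g.lower() for g in machine_clsids}
    hits = defaultdict(list)
    for ev in map(parse_event, lines):
        key, op = ev["key"], ev["op"]
        if op == "QueryValue" and GEO_KEY_RE.search(key):
            hits["checks_computer_location"].append(key)
        elif WINE_KEY_RE.search(key):
            hits["identifies_wine"].append(key)
        elif op == "EnumKey" and UNINSTALL_KEY_RE.search(key):
            hits["checks_installed_software"].append(key)
        elif op == "SetValue":
            m = USER_CLSID_RE.match(key)
            if m:
                clsid = m.group(1).lower()
                sig = "com_hijack" if clsid in known else "user_com_registration"
                hits[sig].append((clsid, ev["data"]))
    return dict(hits)


def run_demo():
    """Classify the constructed trace against the constructed HKLM set."""
    return classify(SAMPLE_EVENTS, MACHINE_CLSIDS)


if __name__ == "__main__":
    for sig, details in run_demo().items():
        print(sig)
        for d in details:
            print("   ", d)
```

The "Looks up external IP address via web service" signature is network-side and is not covered by this registry trace. On a real host, feed the classifier the registry events from Sysmon (Event IDs 12 and 13) or procmon, and build the HKLM CLSID set from the clean baseline so that only user-hive entries that shadow an existing machine registration are escalated.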
MITRE ATT&CK Enterprise v15

Persistence
- Event Triggered Execution (T1546): Component Object Model Hijacking (T1546.015), 1 hit
- Scheduled Task/Job (T1053): Scheduled Task (T1053.005), 1 hit
Privilege Escalation
- Event Triggered Execution (T1546): Component Object Model Hijacking (T1546.015), 1 hit
- Scheduled Task/Job (T1053): Scheduled Task (T1053.005), 1 hit