General
-
Target
Retrac.Launcher_1.0.14_x64_en-US.msi
-
Size
6.8MB
-
Sample
241119-w5b81szcpd
-
MD5
ae30168aa8f32e9a4f00df855a303509
-
SHA1
287b7fba5ff1ba3f5261b8a842da3f6b23e61e02
-
SHA256
b99bb0941d2258332591632921c5fd9a35bcc2487e69cf2b7a92579965dafc2c
-
SHA512
4e88b2402fcf60465d8990227f13d5d0c7e016a7a62b0478d7b26406e3cbde86e31e212d5b5cbcb4dad08222694f02008c078cfcd0ed6cd851756fd832bf563d
-
SSDEEP
196608:0wcRCejj2fzY5Uj1H7lNMsR2AcEE7IEEvo1L1:dcR//2bYI1blIA/wWUL1
Malware Config
Targets
-
-
Target
Retrac.Launcher_1.0.14_x64_en-US.msi
-
Size
6.8MB
-
MD5
ae30168aa8f32e9a4f00df855a303509
-
SHA1
287b7fba5ff1ba3f5261b8a842da3f6b23e61e02
-
SHA256
b99bb0941d2258332591632921c5fd9a35bcc2487e69cf2b7a92579965dafc2c
-
SHA512
4e88b2402fcf60465d8990227f13d5d0c7e016a7a62b0478d7b26406e3cbde86e31e212d5b5cbcb4dad08222694f02008c078cfcd0ed6cd851756fd832bf563d
-
SSDEEP
196608:0wcRCejj2fzY5Uj1H7lNMsR2AcEE7IEEvo1L1:dcR//2bYI1blIA/wWUL1
Score8/10-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Powershell Invoke Web Request.
-
Downloads MZ/PE file
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Event Triggered Execution: Image File Execution Options Injection
-
Legitimate hosting services abused for malware hosting/C2
-
Network Share Discovery
Attempt to gather information on host network.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
MITRE ATT&CK Enterprise v15
Persistence
Event Triggered Execution
3Component Object Model Hijacking
1Image File Execution Options Injection
1Installer Packages
1Privilege Escalation
Event Triggered Execution
3Component Object Model Hijacking
1Image File Execution Options Injection
1Installer Packages
1