General
-
Target
liquidlauncher_0.3.0_x64_en-US.msi
-
Size
8.1MB
-
Sample
241121-spvhwatja1
-
MD5
723d227589b2292ccad10025944b0073
-
SHA1
4312057f848e0a412884ec7c3186e4f2c99af531
-
SHA256
19c120e8809d2314db86a2bfebc677f9733fdc1874de0ef2248f904460f9b271
-
SHA512
9a076c96855370942598ea95c29c6a5b86122705d9ff686e31f335b780f05b5a22b3cc805ea2cdd5ae5f6b7ba2afcfc33ce36d66edef2559fc8e1b667a649c5c
-
SSDEEP
196608:Ut0KRLXYDUlax9KmN+YrrVa3fW/edCmtxv1gwO16uyVH27XbFz:Ut0KRLXYsaCg+YfVav+ACmt9qE3F0LF
Malware Config
Targets
-
-
Target
liquidlauncher_0.3.0_x64_en-US.msi
-
Size
8.1MB
-
MD5
723d227589b2292ccad10025944b0073
-
SHA1
4312057f848e0a412884ec7c3186e4f2c99af531
-
SHA256
19c120e8809d2314db86a2bfebc677f9733fdc1874de0ef2248f904460f9b271
-
SHA512
9a076c96855370942598ea95c29c6a5b86122705d9ff686e31f335b780f05b5a22b3cc805ea2cdd5ae5f6b7ba2afcfc33ce36d66edef2559fc8e1b667a649c5c
-
SSDEEP
196608:Ut0KRLXYDUlax9KmN+YrrVa3fW/edCmtxv1gwO16uyVH27XbFz:Ut0KRLXYsaCg+YfVav+ACmt9qE3F0LF
Score8/10-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Downloads MZ/PE file
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Event Triggered Execution: Image File Execution Options Injection
-
Network Share Discovery
Attempt to gather information on host network.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
MITRE ATT&CK Enterprise v15
Persistence
Event Triggered Execution
3Component Object Model Hijacking
1Image File Execution Options Injection
1Installer Packages
1Privilege Escalation
Event Triggered Execution
3Component Object Model Hijacking
1Image File Execution Options Injection
1Installer Packages
1