General

  • Target

    LagoFastInstaller__20240322_180853_channel112.exe

  • Size

    3.1MB

  • Sample

    241122-g4j5xawjat

  • MD5

    3cc48e16039fa2c5025e07cbe5cfb1b0

  • SHA1

    447d5c9adeca1e9a5307ffd6226cee39eb5b828b

  • SHA256

    669d27950b48a05b28047f7ab36dcfdc0340b87cae36f7a764422e7331b5a602

  • SHA512

    693358940e71e8b3026525469342bf388041e53b3bf4e260b886f813adda11265a147066324dcde5a7412929f479e6f4f16c694ca265cdc520b673630f0eae43

  • SSDEEP

    49152:B3zzQzRagpVfwuzpSIZ4cNT5BBqVpzZOBVon/FdM7OViNvVxxx+d+S8BQOkHD3+D:BzzeDRzpSIcq1

Targets

    • Target

      LagoFastInstaller__20240322_180853_channel112.exe

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Downloads MZ/PE file

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
