General
Target: DamnedSetup.7z
Size: 96.9MB
Sample: 250704-plergahn5w
MD5: a6f8781600bbca5eef67ae4b414eae48
SHA1: cf4e18319cada725f52aef0e18a5aaf2550c60c2
SHA256: b116537406caed99bdee0ddfc1d8487df54a8f84dd4bad0fb67c9c02d783c0a2
SHA512: 96a5680a05bd2fd1e4302e2767d4335047d06c23e98b8e990f3de2460001799dc2c3a9c81c37fa16194a157b9189dbebdd3e624e5667a9581c45cd7b972db447
SSDEEP: 1572864:v5Pk29eFluJuNodQVmM63Kp0uPaJx4LNcQHxUtSWeTcxwjPatPIUeMCTO16Miz:v5IbommM6apbEGJcYvQlUXz

Static task: static1
Behavioral task: behavioral1
Sample: DamnedSetup.msi
Resource: win11-20250619-en
Malware Config

Targets
Target: DamnedSetup.msi
Size: 97.1MB
MD5: a3b2ccc47d3960cda3df9c46c5c1bb12
SHA1: 9e45576fcc404ada8f864e2683ecd0559dd8c181
SHA256: fbe050327d4e11ab9546a1312d1d0b5e86b53a0c41eed718087cbaf7a685a3f5
SHA512: 5c3c396c945501ffabf3396bd2da0fc3d87a7de5718f5cc0ccdf9b571b410cd2d8a0fea68d26f7c77f2a8d5b8adf747f95850e3494522493e40cb981d90dc007
SSDEEP: 1572864:QWmehNW8JhN3bcp+ZkKfSiNWQuOl87KZLQ7m+9MdE9zXIf3czD4NzRo:QWKob3ZkKaio+C2ZceyLT
- Uses browser remote debugging: can be used to control the browser and steal sensitive information such as credentials and session cookies.
- Drops startup file
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- An obfuscated cmd.exe command line is typically used to evade detection.
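The behaviours flagged above (a Chromium browser started with the DevTools remote-debugging switch, a caret-obfuscated cmd.exe command line, an external IP lookup, and installation through msiexec) all leave traces in process-creation telemetry. The following is an added example, not code from the sandbox or from this report, of detection logic over process-creation events. The events, the rule names and the helper functions are constructed for illustration; the IP-lookup host list is a small set of well-known public services and is not claimed to be the one this sample contacted.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample events in the shape of Sysmon Event ID 1 / EDR telemetry
# (image path + command line). They are illustrative, not from the sandbox run.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": r'msiexec.exe /i "C:\Users\user\Desktop\DamnedSetup.msi" /qn'},
    {"image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd.exe /c "s^e^t x=pow&&c^all %x%ershell -w hidden -enc AAAA"'},
    {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmdline": r'"chrome.exe" --remote-debugging-port=9222 --headless '
                r'--user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data"'},
    {"image": r"C:\Windows\System32\curl.exe",
     "cmdline": r"curl.exe https://api.ipify.org"},
    {"image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},  # benign
]

CHROMIUM_BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "chromium.exe", "opera.exe"}
# Public "what is my IP" services commonly abused for victim geolocation (assumed list).
IP_LOOKUP_HOSTS = ("api.ipify.org", "ipinfo.io", "icanhazip.com",
                   "checkip.amazonaws.com", "ifconfig.me", "ip-api.com")


def basename(image):
    """Lower-cased file name of a Windows image path."""
    return PureWindowsPath(image).name.lower()


def browser_remote_debugging(ev):
    """Chromium-family browser launched with a DevTools remote-debugging switch.
    Any local client can then attach to the DevTools protocol, drive the
    browser and read session cookies from the selected profile."""
    if basename(ev["image"]) not in CHROMIUM_BROWSERS:
        return False
    return re.search(r"--remote-debugging-(port|pipe)\b", ev["cmdline"], re.I) is not None


def obfuscated_cmd(ev):
    """cmd.exe command line using caret escapes or %VAR:~n,m% substring
    expansion to break up keywords (cheap evasion of string matching)."""
    if basename(ev["image"]) != "cmd.exe":
        return False
    cl = ev["cmdline"]
    caret_escapes = cl.count("^")
    substring_expansion = re.search(r"%\w+:~-?\d+(,-?\d+)?%", cl)
    return caret_escapes >= 3 or substring_expansion is not None


def external_ip_lookup(ev):
    """Any process whose command line names a public IP lookup service."""
    cl = ev["cmdline"].lower()
    return any(host in cl for host in IP_LOOKUP_HOSTS)


def msiexec_install(ev):
    """msiexec.exe invoked with an install/package switch (System Binary Proxy
    Execution: Msiexec). Low fidelity on its own; useful as context."""
    if basename(ev["image"]) != "msiexec.exe":
        return False
    return re.search(r"(^|\s)/(i|package|a)\b", ev["cmdline"], re.I) is not None


RULES = {
    "browser_remote_debugging": browser_remote_debugging,
    "obfuscated_cmd": obfuscated_cmd,
    "external_ip_lookup": external_ip_lookup,
    "msiexec_install": msiexec_install,
}


def scan(events):
    """Run every rule over every event; return one hit per (rule, event)."""
    hits = []
    for idx, ev in enumerate(events):
        for name, rule in RULES.items():
            if rule(ev):
                hits.append({"rule": name, "index": idx, "cmdline": ev["cmdline"]})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(f"[{hit['rule']}] event {hit['index']}: {hit['cmdline']}")
```

The remote-debugging rule only sees the browser side; the client that actually pulls cookies over the DevTools port is a separate process, so pair this with a network rule for loopback connections to the chosen port, or with an EDR query for who spawned the browser with that switch. The caret count threshold is a heuristic and will need tuning against your own baseline of legitimate batch scripts.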
MITRE ATT&CK Enterprise v16
Persistence
  Event Triggered Execution (1): Installer Packages (1)
  Modify Authentication Process (1)
Defense Evasion
  Modify Authentication Process (1)
  System Binary Proxy Execution (1): Msiexec (1)
Credential Access
  Credentials from Password Stores (1): Credentials from Web Browsers (1)
  Modify Authentication Process (1)
  Steal Web Session Cookie (1)
  Unsecured Credentials (1): Credentials In Files (1)