Resubmissions

04/07/2025, 12:43

250704-px85fstlx6 8

04/07/2025, 12:37

250704-ptx8sahq51 8

General

  • Target

    cispro_installer.exe

  • Size

    84.9MB

  • Sample

    250704-ptx8sahq51

  • MD5

    fb3705b29ec51f2f09ddd66e3d55e0c5

  • SHA1

    b2ece3006626fa5e9a1bf45a0259b82cdcd22380

  • SHA256

    9ba85f49276a94d335553631bff096f370f17671f0fa6914dd884e7719d05f83

  • SHA512

    5ed20a5f6548ad6e84a272220420442390e6b7abb88528ec43c988a2cd3f0df20fb05a37a0a0b87eb1f3ac1e231fcde9f70407bbea8bf18cec53cc49f13ffece

  • SSDEEP

    1572864:eXdgNOu6/Iu53EUrNauTkUJza+uQaH4uRIEiUMvZShFSe+mWnJHB:Oju6/h5tTdRaueZikHSGWlB

Malware Config

Targets

    • Target

      cispro_installer.exe

    • Drops file in Drivers directory

    • Manipulates Digital Signatures

      Attackers can apply techniques such as modifying the Authenticode and Cryptography registry keys so that their binary is treated as validly signed.

    • Checks for any installed AV software in registry

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops file in System32 directory

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

MITRE ATT&CK Enterprise v16

Tasks