dfb42f65ae6654e316a9e069a7cfca759434cd3e450a76714162507d95200332 | Triage

Sharing

General

Target

mRemoteNG-Installer-1.77.1.27654.msi
Size

41.9MB
Sample

200529-wcb6k5lq9a
MD5

96fdcc54ed76dd471e319f9fc065efc1
SHA1

df4dc518681e08ff7a845502279141857dc76e53
SHA256

dfb42f65ae6654e316a9e069a7cfca759434cd3e450a76714162507d95200332
SHA512

496693707cbdfd929ae0767881c52076bff06d46b24f999014081109d57d464533ec32eb23df25bbb6c8414a3d93ff645e6cc06a8c67eef3433a8144b5c7110f

Score

8^/10

evasion macro spyware trojan

Malware Config

Targets

- Target
  
  mRemoteNG-Installer-1.77.1.27654.msi
- Size
  
  41.9MB
- MD5
  
  96fdcc54ed76dd471e319f9fc065efc1
- SHA1
  
  df4dc518681e08ff7a845502279141857dc76e53
- SHA256
  
  dfb42f65ae6654e316a9e069a7cfca759434cd3e450a76714162507d95200332
- SHA512
  
  496693707cbdfd929ae0767881c52076bff06d46b24f999014081109d57d464533ec32eb23df25bbb6c8414a3d93ff645e6cc06a8c67eef3433a8144b5c7110f
Score

8^/10

evasion spyware trojan
- Blacklisted process makes network request
- Loads dropped DLL
- Enumerates connected drives
- Modifies system certificate store
  evasion spyware trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionspywaretrojan

behavioral2

evasionspywaretrojan