General

Target: macOS Transformation Pack 5.0.zip
Size: 186.9MB
Sample: 240701-x8zzxsyhlr
MD5: 0d299d581c0a274d15ed7d637eacaa03
SHA1: dca1a0364b26b4ebfe89946a3d348556d0736161
SHA256: 44c6d34c298f77d3914d42004275c5cfec9ea44857d0adbd6d3bd4da2dd838ee
SHA512: 8e2ea2c2a668482ba8f62fd2dd43d602ac43cf2fb0d8be6f450f9633007d9ea8f4e04d4e4675354672a0c1719ad5634ed899d765ca5b7cf2c4f62042f36921d9
SSDEEP: 3145728:HGKqW1I6hr/gD0VqMz9WBd965gJyOcU8V5eL31m6Wa5Iiyc6HolC66Q8Wisw1to:HGKqkI84svz8B/6gyO/8V5epDW2yc6HA
Static task: static1

Behavioral task: behavioral1
Sample: Created by WindowsXLive.net.url
Resource: win10v2004-20240611-es

Behavioral task: behavioral2
Sample: Official mirror ThemeMyPC.net.url
Resource: win10v2004-20240611-es

Behavioral task: behavioral3
Sample: macOS Transformation Pack 5.0.exe
Resource: win10v2004-20240611-es
Malware Config

Targets

Target: Created by WindowsXLive.net.URL
Size: 130B
MD5: 3e032863cbd62b376db01ec38410e270
SHA1: 34b5122409153f4d931aeb4288c17cec836f4179
SHA256: d5de060178a29689821b3e4df9572ea7160f067007325f877221db63ec70c4c4
SHA512: 22a97d55ee72346d297ec18e8d9d23aeea602b66fbe0b679b82442ed3c0e15d8d6d1734d21c2dc797def5608ea564dd6c4f65b3f97f5cc8a1a9f40785e38e1a6
Score: 1/10

Target: Official mirror ThemeMyPC.net.URL
Size: 124B
MD5: 6561c2246cae78874ddb8cd01016a47e
SHA1: ee6511a61244fc193ca9c567e426ecff8c62f77b
SHA256: f861e9eeef5f0c97d100d0771132f85ded0c6a28ced5e1a5096a59dc981823c7
SHA512: d49e896d3ebd678376dd2212f3e5ce43e30058d171060b4730c68b4058312408bee0bcfec15158b787e5d0a74fa847374be5edb8ba5e0eadcd89b0e05b4f55f7
Score: 1/10

Target: macOS Transformation Pack 5.0.exe
Size: 187.8MB
MD5: ba5a81bd7b82b3abcc0d9735e480f9e5
SHA1: fdaa6fbe4cb3b752cacb5af17c8ee9c30584cd91
SHA256: 8feb8e32ced641e2b1c2d83eda71ec82b7cea57cbcd37a474533fe19e94d4389
SHA512: 695ce1907ac002888fd4551364823aad0e1b0a5a934c7f68b03e42f27f8140bb17fb18777314d4196f2b57e1a15a6f6fc0678f1f3aa4801f56ea6adc6e061f22
SSDEEP: 3145728:dasbziO5XorIO+3BRplcdzPE6vhmA098yjkKsgTde0QyiczISK/vYi7Gx/POCVez:wsb7o7+xRjczPE6JnKAc0/QLx/1u3r

Signatures

- Creates new service(s)
- Possible privilege escalation attempt
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
- Loads dropped DLL
- Modifies file permissions
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
- Create or Modify System Process (2)
  - Windows Service (2)
- Event Triggered Execution (1)
  - Component Object Model Hijacking (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Browser Extensions (1)

Privilege Escalation
- Create or Modify System Process (2)
  - Windows Service (2)
- Event Triggered Execution (1)
  - Component Object Model Hijacking (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)

Defense Evasion
- Impair Defenses (2)
  - Safe Mode Boot (1)
- File and Directory Permissions Modification (1)
- Modify Registry (2)