Threat Analysis: MSI - Masquerading as a Software Installer
The Cybereason Global Security Operations Center (GSOC) issues a Purple Team Series of its Threat Analysis reports to provide a technical overview of the technologies and techniques threat actors use to compromise victims’ machines.
Some notable actions include the following: initialize installation directories; drop files to the installation directories; add a registry value for the software being installed.
Custom Actions: Standard Actions may not be enough for developers to execute the installation logic.
These tables are crucial for MSI to determine the execution flow, as well as the exact actions needed for the installation.
Actions: The MSI contains a set of subroutines to execute the installation.
Source read time: 23 min - cybereason.com