General

  • Target

    virus2.msi

  • Size

    265KB

  • Sample

    210724-eskmxfjq3a

  • MD5

    adaf86a844ceb4e80e4ca98ccff75d13

  • SHA1

    f87f0382283517ea2a4df566e6d1106034ef4095

  • SHA256

    c1cb8740e27287680dc48fe05b24abccab80c18c34a442bc9dac0a0b7b700241

  • SHA512

    9b48d3b261c71d1dc40d6e4513cf93c6b04a38475b3a357194e1b869ee319a163f81089e4cf36fc497556a1e401c480d76b574786d696e384ea667bd770465d9

Score
8/10

Malware Config

Targets

    • Target

      virus2.msi

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v6)

    Tactic           Technique                     Count  ID
    Defense Evasion  Modify Registry               1      T1112
    Discovery        Query Registry                2      T1012
    Discovery        System Information Discovery  2      T1082
    Discovery        Peripheral Device Discovery   1      T1120

Tasks