Overview

overview

8

Static

static

8

d13d644d11...69.msi

windows7_x64

8

d13d644d11...69.msi

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d13d644d111ba1ad4a95d7c6dfd9b669.msi

  • Size

    264KB

  • Sample

    211013-t78znaedhk

  • MD5

    d13d644d111ba1ad4a95d7c6dfd9b669

  • SHA1

    3c9871a124d2eebeb68ebbfd49fe9b05320a4972

  • SHA256

    630793d812d85e763f5042ec21cfa2d5da436ee535fdd1ccd00b52c45f82ccb9

  • SHA512

    4f03ce84adfb108da2245914949a6a133b479d05fbde75ced318ad4142d34aebea0d318bdbfd66fd876e3fa146e9cd8379a32b4ebed3a5e37dd9624cf63a7ddb

Score
8/10
macropersistencexlm

Malware Config

Targets

    • Target

      d13d644d111ba1ad4a95d7c6dfd9b669.msi

    • Size

      264KB

    • MD5

      d13d644d111ba1ad4a95d7c6dfd9b669

    • SHA1

      3c9871a124d2eebeb68ebbfd49fe9b05320a4972

    • SHA256

      630793d812d85e763f5042ec21cfa2d5da436ee535fdd1ccd00b52c45f82ccb9

    • SHA512

      4f03ce84adfb108da2245914949a6a133b479d05fbde75ced318ad4142d34aebea0d318bdbfd66fd876e3fa146e9cd8379a32b4ebed3a5e37dd9624cf63a7ddb

    Score
    8/10
    persistence

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

3
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks