e159d860d0cfa59816c686e4a9914113.exe

General

Target: e159d860d0cfa59816c686e4a9914113.exe
Size: 21MB
Sample: 211014-gak54sgce2
Score: 8/10
MD5: e159d860d0cfa59816c686e4a9914113
SHA1: 484539b10b659fb4ab48e79bb0de0d0879153426
SHA256: 6b6fc62a294d5ef1c619d623f1cf6d735d9f191df9ef5c745b0881b1e01b8565
SHA512: 63c8fd0c70c18406909d914af5f0c8ab0708bbeee7e896d54c77b80e32b0fbb413e87d9e93498ddbbbaacf24a98cacabac81b861982749d6671ae7a05b1fbab2

Signatures

  • Blocklisted process makes network request

  • Loads dropped DLL

  • Enumerates connected drives

    Description: Attempts to read the root path of hard drives other than the default C: drive.

    TTPs: Query Registry, Peripheral Device Discovery, System Information Discovery

  • Drops file in System32 directory

Related Tasks

MITRE ATT&CK Matrix

Tactics: Collection, Command and Control, Credential Access, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

  • static1

  • behavioral1: 8/10

  • behavioral2: 8/10