b50a995230240e2b484750a6db1a66623aa202efbc6307c7d10a4915c4a915b1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ZoomSetup_39461927.msi
Size

8.3MB
Sample

220908-azdzrsdcc9
MD5

86644d0c972c10f13c58896b2056a7eb
SHA1

277335a3e9389eeea635008b187c9c06e83648b6
SHA256

b50a995230240e2b484750a6db1a66623aa202efbc6307c7d10a4915c4a915b1
SHA512

599430bac0cd63709d7fb846e2bba36cfb9f5360310ad373545ae5f70e04625ebfc986e87545807e4c929c2e0db02c05405ff4b9be35af8c652e0129aba4b9d3
SSDEEP

98304:EY/QuAaebMInS45E2L/PAY/uPAuezxtG1vgK/2+nGeygUmD7SkJdOK5dYHuAphTM:wS1O/PdxtSgk1HUUxX

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  ZoomSetup_39461927.msi
- Size
  
  8.3MB
- MD5
  
  86644d0c972c10f13c58896b2056a7eb
- SHA1
  
  277335a3e9389eeea635008b187c9c06e83648b6
- SHA256
  
  b50a995230240e2b484750a6db1a66623aa202efbc6307c7d10a4915c4a915b1
- SHA512
  
  599430bac0cd63709d7fb846e2bba36cfb9f5360310ad373545ae5f70e04625ebfc986e87545807e4c929c2e0db02c05405ff4b9be35af8c652e0129aba4b9d3
- SSDEEP
  
  98304:EY/QuAaebMInS45E2L/PAY/uPAuezxtG1vgK/2+nGeygUmD7SkJdOK5dYHuAphTM:wS1O/PdxtSgk1HUUxX
Score

8^/10

persistence
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2