Resubmissions

  • 20-09-2022 15:06    220920-sg6aeadec5    8

  • 20-09-2022 14:33    220920-rw9eyahacl    8

  • 20-09-2022 14:28    220920-rs7f6sdde7    8

General

  • Target

    downloader.msi

  • Size

    100.8MB

  • Sample

    220920-rw9eyahacl

  • MD5

    074b4d4b44b6dd58e537cc5275a3a196

  • SHA1

    d8ac38341e87a3f7c54ab5994eec78872fd4095e

  • SHA256

    9064a844370f672aa35382abbf3fad00d10400e965d79a64078a9197c3025957

  • SHA512

    6ef9de9e5519591a0286fec89657530a22593aeaa60e66677e8b5752aa43823c4c33d958fe9deabf462b30d5d567e09fae7da5577e336c02224fd012cb063cb0

  • SSDEEP

    3145728:SFEp1cAjJNOCsXvY27nm0LT419R/pt8OBpt:P7FfknLdTC9R/piqt

Score
8/10

Malware Config

Targets

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 2

  • Peripheral Device Discovery (T1120): 2

  • System Information Discovery (T1082): 2

Tasks