General
Target: downloader.msi
Size: 100.8MB
Sample: 220920-rw9eyahacl
MD5: 074b4d4b44b6dd58e537cc5275a3a196
SHA1: d8ac38341e87a3f7c54ab5994eec78872fd4095e
SHA256: 9064a844370f672aa35382abbf3fad00d10400e965d79a64078a9197c3025957
SHA512: 6ef9de9e5519591a0286fec89657530a22593aeaa60e66677e8b5752aa43823c4c33d958fe9deabf462b30d5d567e09fae7da5577e336c02224fd012cb063cb0
SSDEEP: 3145728:SFEp1cAjJNOCsXvY27nm0LT419R/pt8OBpt:P7FfknLdTC9R/piqt
Static task: static1
Behavioral task: behavioral1
Sample: downloader.msi
Resource: win10v2004-20220812-en
Malware Config
Targets
Target: downloader.msi
Score: 8/10
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-