e1205360fba291f359e487f6d1eea09962dc6dc418b5b826985aa1c764e2579c | Triage

Sharing

General

Target

id-F.63616cb3acff2.zip
Size

5.4MB
Sample

221101-xvk9lsfbeq
MD5

026eb263917df42947d097a018425e3b
SHA1

42efd0ae6b131fff1bceb8964e93ac6e64de0a40
SHA256

e1205360fba291f359e487f6d1eea09962dc6dc418b5b826985aa1c764e2579c
SHA512

bb282c5bae6054bcd874d67e29eb98c57160cddc61dd831ff10d2174460cc61fb99548ada3d00d4a4e2745d7f2c6c9d9a082918d5f20ff53726e5845f3157142
SSDEEP

98304:vc+LJaNFhx7MTyRt3xdi3IjA06999rpFpGK6p8pch+cb/Ctp1JL5j1a9rilLK8N:v9NCFoTyjBdi8e9rpFy8Q+cb/Ctpzuxm

Score

8^/10

Malware Config

Targets

- Target
  
  Factura63616.msi
- Size
  
  5.9MB
- MD5
  
  51d879d01cfa3c7a7eb4c3979c6ee52e
- SHA1
  
  f45df4ffef48c11214aca325badbc8f0e41cb0f0
- SHA256
  
  18c1f8bac24ffd44d816b80581f5db5491d054c97e30276a1913d5ae14e957ed
- SHA512
  
  8ed42eb411936b60e072d3c1895751f99ddf2c6ec0f1c6b3ee90fb61b28b609c0acd00417b023cc21d0cd691cbc80316e2b45693f7df731e9128751dd6fc6a9a
- SSDEEP
  
  98304:qYOeNAGDZrMoMreo9urtTXHgBEdu4CV/nrpFZGQIv53c2JYr7rzWoRM5jDB9/J83:1NLa/9uJDHg6cVTpFJnbCoRM5jDugU
Score

8^/10
- Blocklisted process makes network request
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2