bfdd77d54f9b6a3262e6de478cc836982fd4f035f3b5e78a85a72abc578eee55 | Triage

Sharing

General

Target

Macrobond.x64.msi
Size

17.1MB
Sample

221208-gjmejacb3v
MD5

5fca46ed2be6a15b773727478f3dac75
SHA1

207b1b751181a681efe8983a89113e59cfdf7ede
SHA256

bfdd77d54f9b6a3262e6de478cc836982fd4f035f3b5e78a85a72abc578eee55
SHA512

2dfe3bafd55e3c3632fccfeed1d5406a32ef6f9650184227951221e82156906b05e9084803e5e46c08f66f5b5a5f56ce721c37cf3ec91d7521951f4d0f459532
SSDEEP

393216:cTIomVkuMRC3scJhMbDLqZeB+UlA8lQ/mlIHY:8mfMEXU+oQUGqlI4

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  Macrobond.x64.msi
- Size
  
  17.1MB
- MD5
  
  5fca46ed2be6a15b773727478f3dac75
- SHA1
  
  207b1b751181a681efe8983a89113e59cfdf7ede
- SHA256
  
  bfdd77d54f9b6a3262e6de478cc836982fd4f035f3b5e78a85a72abc578eee55
- SHA512
  
  2dfe3bafd55e3c3632fccfeed1d5406a32ef6f9650184227951221e82156906b05e9084803e5e46c08f66f5b5a5f56ce721c37cf3ec91d7521951f4d0f459532
- SSDEEP
  
  393216:cTIomVkuMRC3scJhMbDLqZeB+UlA8lQ/mlIHY:8mfMEXU+oQUGqlI4
Score

8^/10

persistence
- Blocklisted process makes network request
- Executes dropped EXE
- Registers COM server for autorun
  persistence
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2