42d0edbb6ad47bbf8333c7b146836b3f3a18ecf27f89ddb0b2462f09b3f89c3a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

FortiClientVPNSetup_6.4.6.1658_x64.exe
Size

117.5MB
Sample

230106-yd6dwsfa8z
MD5

39ff03bd5446c9f98185dc8d6b181221
SHA1

1bc79603a8823cb143ef0844aa12077fadcb7ec0
SHA256

42d0edbb6ad47bbf8333c7b146836b3f3a18ecf27f89ddb0b2462f09b3f89c3a
SHA512

b0a977ecd9de7ae27ddce94f874603d0955b4bcc1a35a2af645caef89d9b58273c35585ea23d56eb49762b8b0b62896dcbefc2b79b4d7fb947e0680b1fa18e8a
SSDEEP

1572864:GzLxQnPG+pRTDQwNRQU9jsq61rn4ONuN7ec57IWL8eT3SsVnWHU84vhpL:GzFmr/NdjsH4ONvc57IWIWS0nW+3

Score

7^/10

Malware Config

Targets

- Target
  
  FortiClientVPNSetup_6.4.6.1658_x64.exe
- Size
  
  117.5MB
- MD5
  
  39ff03bd5446c9f98185dc8d6b181221
- SHA1
  
  1bc79603a8823cb143ef0844aa12077fadcb7ec0
- SHA256
  
  42d0edbb6ad47bbf8333c7b146836b3f3a18ecf27f89ddb0b2462f09b3f89c3a
- SHA512
  
  b0a977ecd9de7ae27ddce94f874603d0955b4bcc1a35a2af645caef89d9b58273c35585ea23d56eb49762b8b0b62896dcbefc2b79b4d7fb947e0680b1fa18e8a
- SSDEEP
  
  1572864:GzLxQnPG+pRTDQwNRQU9jsq61rn4ONuN7ec57IWL8eT3SsVnWHU84vhpL:GzFmr/NdjsH4ONvc57IWIWS0nW+3
Score

7^/10
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2