b55c4aec48d0564b8f003d74531e627273219c73c274d239ede65e79a3df943a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

id-F.63c47b8a03bb2.zip
Size

5.9MB
Sample

230115-17w4esha3s
MD5

88ae5410b710eb54ffce883392f073f1
SHA1

bf2a48f72da7b386515deee3b27e414b64c22473
SHA256

b55c4aec48d0564b8f003d74531e627273219c73c274d239ede65e79a3df943a
SHA512

4509ab787a0cc2007fccb2b4c60fbfe25e9eb1da07df0edddcee88aea921f26802a46fe83e38092541e48dfa1842a85e935bde1ad3cca5e7e1ab6f9e66b30923
SSDEEP

98304:TRrR6EMiC8AcA1Gk42FSORzuOgsl8WSob6S/8buJVkD8JMfjWWnfSWvn8KLNARH9:1rcxn8ecOR+slJSu/8buTkD0q1nfPkWy

Score

8^/10

Malware Config

Targets

- Target
  
  Factura63c47.msi
- Size
  
  6.6MB
- MD5
  
  2187f88f99a58bbe6d8d76447ddec93e
- SHA1
  
  86b0b6e867b97f68b666fd2d93b42b8308d7426e
- SHA256
  
  7aed2f04618c60642965a3544d5927aa58b4092c1cce70c3a9ed55f161bb4a0a
- SHA512
  
  bc7bfad3a1f2e86a4e56adb2caf78f2123dd256cfcb37f6143ab0ff090b5391cbb5df3515dba1bfb53bce61bc6044b0c64681c3657781eff670bdf6f9b712a53
- SSDEEP
  
  98304:NYEtM2Af5tdoOS8mcA18WgQLKk9jEOy0pqQdA43Ak+jVktqMh8+pBwThNVCjHRrG:9M5tyr8mak9c0p243MlQwTLVCxZw
Score

8^/10
- Blocklisted process makes network request
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3