General

  • Target

    install_DrivesSetup (2).msi

  • Size

    6.6MB

  • Sample

    230125-na1zwsfg88

  • MD5

    2a24bb974a70bfd97c52d5b410b8df3c

  • SHA1

    807265829b8bf779d218919672cb8ca0982ce182

  • SHA256

    2b7b06fe611c2e2e84339fa77efed2abbc46c7021fbe24f8a8c3cb4565712cee

  • SHA512

    2bab3594a2a90bb5bc538ea18bb0a530e6732bfed6a44a50e790c97e07f56e6369559d9093fe14142cc213a2fba585ecd0ae9557809fb3f24097392659388945

  • SSDEEP

    196608:hKTZya3eLkE8L3KrsxDh24oDoeUhFwAqi4s:hKty2E8L3KrsxDh1jhiBt

Score
8/10

Malware Config

Targets

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

    • Query Registry (T1012): 1

    • Peripheral Device Discovery (T1120): 1

    • System Information Discovery (T1082): 1

Tasks