General
-
Target
install_DrivesSetup (2).msi
-
Size
6.6MB
-
Sample
230125-na1zwsfg88
-
MD5
2a24bb974a70bfd97c52d5b410b8df3c
-
SHA1
807265829b8bf779d218919672cb8ca0982ce182
-
SHA256
2b7b06fe611c2e2e84339fa77efed2abbc46c7021fbe24f8a8c3cb4565712cee
-
SHA512
2bab3594a2a90bb5bc538ea18bb0a530e6732bfed6a44a50e790c97e07f56e6369559d9093fe14142cc213a2fba585ecd0ae9557809fb3f24097392659388945
-
SSDEEP
196608:hKTZya3eLkE8L3KrsxDh24oDoeUhFwAqi4s:hKty2E8L3KrsxDh1jhiBt
Static task
static1
Behavioral task
behavioral1
Sample
install_DrivesSetup (2).msi
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
install_DrivesSetup (2).msi
Resource
win10v2004-20221111-en
Malware Config
Targets
-
Target
install_DrivesSetup (2).msi
Score
8/10
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-