ca6e3ff4fd833ea30e613c4f9e228a04780542575a4f915256fa81349730abfa

Resubmissions

02/02/2023, 16:31

230202-t1tamaac37 8

01/02/2023, 23:34

01/02/2023, 05:43

01/02/2023, 03:57

01/02/2023, 03:48

31/01/2023, 19:56

31/01/2023, 19:48

Sharing

Copy URL Twitter E-mail

General

Target

Documents invoice.msi
Size

4.2MB
Sample

230131-yjg89aaa52
MD5

97114551042ab1550cca8a85ca405da1
SHA1

6266c37fb9945e3adf4aa09c16526537c5197ba3
SHA256

ca6e3ff4fd833ea30e613c4f9e228a04780542575a4f915256fa81349730abfa
SHA512

e2588055ea1170320d342f1f13f03155ad58aec7828a6e44589ba08d6e1975b21e23a0ccb0ed18051c3e393e14d34dbc1f5a2a5556eb095155d3914653021df4
SSDEEP

98304:pPKnw39kiUnMUYeg8F1HWMUKFln1vEsZSKRkGDs19sirjNGj/:swNJUnMUYetUKFZROBGu5f0j

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  Documents invoice.msi
- Size
  
  4.2MB
- MD5
  
  97114551042ab1550cca8a85ca405da1
- SHA1
  
  6266c37fb9945e3adf4aa09c16526537c5197ba3
- SHA256
  
  ca6e3ff4fd833ea30e613c4f9e228a04780542575a4f915256fa81349730abfa
- SHA512
  
  e2588055ea1170320d342f1f13f03155ad58aec7828a6e44589ba08d6e1975b21e23a0ccb0ed18051c3e393e14d34dbc1f5a2a5556eb095155d3914653021df4
- SSDEEP
  
  98304:pPKnw39kiUnMUYeg8F1HWMUKFln1vEsZSKRkGDs19sirjNGj/:swNJUnMUYetUKFZROBGu5f0j
Score

8^/10

persistence
- Blocklisted process makes network request
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Blocklisted process makes network request

Drops file in Drivers directory

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Suspicious use of NtCreateThreadExHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2