a281535fdedf6dd5298ca6a94f3b9b7f1b29acf2a6f5a07ff37c67f6c3ce3049 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

freeoffice2021.msi
Size

118.9MB
Sample

230203-sjqmqsfh29
MD5

e175d3814ac91a533014651e1a2f70c5
SHA1

0b8fefaaa47fca2af3cb3b1edb92dbfd4707ef63
SHA256

a281535fdedf6dd5298ca6a94f3b9b7f1b29acf2a6f5a07ff37c67f6c3ce3049
SHA512

79f0c954fd19bfd65de8579869e03a36fec8997c469131b7b43e7ebb942e7d53fc7a797b8429590fcba90853597d159faceabd9c406e6dbcf23fe54d913fb85d
SSDEEP

1572864:cWsA2SAIg4VNwSg+ixcony10ElyJVH1K6TjROMDnEItqVLYkbEh7Tm:cQat/02EEJVH1KijI+EIMA

Score

8^/10

Malware Config

Targets

- Target
  
  freeoffice2021.msi
- Size
  
  118.9MB
- MD5
  
  e175d3814ac91a533014651e1a2f70c5
- SHA1
  
  0b8fefaaa47fca2af3cb3b1edb92dbfd4707ef63
- SHA256
  
  a281535fdedf6dd5298ca6a94f3b9b7f1b29acf2a6f5a07ff37c67f6c3ce3049
- SHA512
  
  79f0c954fd19bfd65de8579869e03a36fec8997c469131b7b43e7ebb942e7d53fc7a797b8429590fcba90853597d159faceabd9c406e6dbcf23fe54d913fb85d
- SSDEEP
  
  1572864:cWsA2SAIg4VNwSg+ixcony10ElyJVH1K6TjROMDnEItqVLYkbEh7Tm:cQat/02EEJVH1KijI+EIMA
Score

8^/10
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2