881b7822da80cffa41cc1c6211f554a42ee4ea92340cbdd1d51df9d20a193b03 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

autorizacaoBUWFZCZN.msi
Size

23.5MB
Sample

230207-vk94waga4w
MD5

be9018dc026975bb13411667e15e3765
SHA1

16bad851fe2abc58fc3e559ed07109653f546a1a
SHA256

881b7822da80cffa41cc1c6211f554a42ee4ea92340cbdd1d51df9d20a193b03
SHA512

f00e1caa67ad4b20dda38e1db67ee0ff3c3f9389cbdd990a4d2a28cecd793d4290e3675e7c0a8716a939c929f739d4660faa059ce921792e57133e6d86a6b183
SSDEEP

393216:4F+EEVZJtucWZQ1e3hhpOBJnsKn409u4EIZWSim0BR422pysbX1ADcKADxeQ:1ucWZS8UznxnuiyBLWyiX1ADcKg

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  autorizacaoBUWFZCZN.msi
- Size
  
  23.5MB
- MD5
  
  be9018dc026975bb13411667e15e3765
- SHA1
  
  16bad851fe2abc58fc3e559ed07109653f546a1a
- SHA256
  
  881b7822da80cffa41cc1c6211f554a42ee4ea92340cbdd1d51df9d20a193b03
- SHA512
  
  f00e1caa67ad4b20dda38e1db67ee0ff3c3f9389cbdd990a4d2a28cecd793d4290e3675e7c0a8716a939c929f739d4660faa059ce921792e57133e6d86a6b183
- SSDEEP
  
  393216:4F+EEVZJtucWZQ1e3hhpOBJnsKn409u4EIZWSim0BR422pysbX1ADcKADxeQ:1ucWZS8UznxnuiyBLWyiX1ADcKg
Score

7^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2