0a946165785e619191740eba7f5aed872bf96c6ecb997cf7801a49889a720c61 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ID-FACT.1675819182.zip
Size

6.4MB
Sample

230208-bp9jcsge94
MD5

3374b8bf9b9e37d457353202e7e8eab1
SHA1

9f74701634851f0178ed2db95d1d2138e03d3f3d
SHA256

0a946165785e619191740eba7f5aed872bf96c6ecb997cf7801a49889a720c61
SHA512

5cf700c6dcab4feec3d96da62a2ee7f660aaac119311494195570eed9ccd14b077b10792af53f69b6755c8713af3749226142741a8eb9093fa18430d63ed16ac
SSDEEP

98304:XRi56x61cRLp6fo/284xvFxbnQfRJ1tijKQFvzCRneb7vlI6Zo3CZpR8ZO9E0r:U1cRLQfoTIDnQZJjzQFvOReLEMpRgO+o

Score

8^/10

Malware Config

Targets

- Target
  
  FACT63e2f.msi
- Size
  
  7.1MB
- MD5
  
  025bbdef6f92b45631344bd9affa51d2
- SHA1
  
  20f28f94fd3b79c3b6a114d9cc45a73bc5d07cab
- SHA256
  
  a7bc65dc16eb4c1a40ce37aacb8f2efbe613d25dee7e996b7baf579213d9fc46
- SHA512
  
  612bffaa4e4acd9f677a45e31d15debc6cbcaf809334c3e7b3f2f7fde8291681ecfcd49078af5a0796683d13a1c3928d7565625af9f08c5e89a0dc1cb1de3e0b
- SSDEEP
  
  196608:vAWjuxRAzk7c7tLJZAx99l1FBSBsdQmxxcP:vAguxd7c7tdZ+99KWx0
Score

8^/10
- Blocklisted process makes network request
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2