General
-
Target
ID-FACT.1675857323.zip
-
Size
6.4MB
-
Sample
230208-n35hsaaf48
-
MD5
5a16c3da7259ac8979a3c82919d7d81a
-
SHA1
e1ca483e96158012f82f8ac52cd21767bcc3e8fc
-
SHA256
b2d5d3b13a505771929fd84db963d78492f1fbc2029a16193b31b9c260b427d2
-
SHA512
3bb85a630329c4b40220e86bbf5af08afac1123886c4195a1cd87286c12995a167d22a8a0f28a8f7d71edd758ba691a7947e24f2d4ec7772e96105beb53b67fa
-
SSDEEP
196608:TsoWqdKKI1VmRJZBzTkYEedjZR+AHlKg8:IqgodBr/lm
Static task
static1
Behavioral task
behavioral1
Sample
FACT63e38.msi
Resource
win10-20220901-es
Behavioral task
behavioral2
Sample
FACT63e38.msi
Resource
win10v2004-20221111-es
Malware Config
Targets
-
-
Target
FACT63e38.msi
-
Size
7.2MB
-
MD5
d2257b6ad231fe4c31cae810117439df
-
SHA1
9ab0e4e89c8d23821f23dba317d4fdd769a6c045
-
SHA256
cc5960106ff148a98cb9bdfc8745a78e23f45b9718aced3ccc92b1666e1c2681
-
SHA512
8a40eacd426eeb788b4202ecdf4471932af2ba7192b35f37d1f076c313413623ee079cb78cbd0630586c4c92b81d4e808cbb1fe95548096bd02cf9f45b17c643
-
SSDEEP
98304:eYroXAWTb4fZxwIdtkO3TfZctulgj+jV4GPrNaVtETimSc53Q5aVkuCDioRA+Plv:NoFcx7DDetuLj55nTimSc534neo5l7
Score
8/10
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-