General

  • Target: ID-FACT.1675857323.zip
  • Size: 6.4MB
  • Sample: 230208-n35hsaaf48
  • MD5: 5a16c3da7259ac8979a3c82919d7d81a
  • SHA1: e1ca483e96158012f82f8ac52cd21767bcc3e8fc
  • SHA256: b2d5d3b13a505771929fd84db963d78492f1fbc2029a16193b31b9c260b427d2
  • SHA512: 3bb85a630329c4b40220e86bbf5af08afac1123886c4195a1cd87286c12995a167d22a8a0f28a8f7d71edd758ba691a7947e24f2d4ec7772e96105beb53b67fa
  • SSDEEP: 196608:TsoWqdKKI1VmRJZBzTkYEedjZR+AHlKg8:IqgodBr/lm

Score: 8/10

Malware Config

Targets

  • Target: FACT63e38.msi
  • Size: 7.2MB
  • MD5: d2257b6ad231fe4c31cae810117439df
  • SHA1: 9ab0e4e89c8d23821f23dba317d4fdd769a6c045
  • SHA256: cc5960106ff148a98cb9bdfc8745a78e23f45b9718aced3ccc92b1666e1c2681
  • SHA512: 8a40eacd426eeb788b4202ecdf4471932af2ba7192b35f37d1f076c313413623ee079cb78cbd0630586c4c92b81d4e808cbb1fe95548096bd02cf9f45b17c643
  • SSDEEP: 98304:eYroXAWTb4fZxwIdtkO3TfZctulgj+jV4GPrNaVtETimSc53Q5aVkuCDioRA+Plv:NoFcx7DDetuLj55nTimSc534neo5l7

  Score: 8/10

  Signatures:

  • Blocklisted process makes network request
  • Loads dropped DLL
  • Enumerates connected drives
    Attempts to read the root path of hard drives other than the default C: drive.
  • Looks up external IP address via web service
    Uses a legitimate IP lookup service to find the infected system's external IP.
  • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks