General
-
Target
correioseletronicoHXLKWUGYEZDZ.msi
-
Size
21.2MB
-
Sample
230211-cmscqscg4z
-
MD5
bf8e278fdcb2510822c07b45281eb7c1
-
SHA1
c937f2370260ff90367bb52c90db783eb112899b
-
SHA256
cb704305afe6f0f5869d8cabc63437fae2ec58293661d3ad486d3d77f83d7bca
-
SHA512
68bea78f6270ce245ca9429d9bb60ed7e0d455870d53f243f72b0581a082724bb1f4dc6e4a54a6acd46cd1db6c1de1835caf83f3fe1b88dd41f3b078b5b7872f
-
SSDEEP
393216:qZe+/s2bE9uf7bQRLbiKn0M3bhVKQnYjNJdRkDEmtHg:+bE91biCoQr4me
Malware Config
Targets
-
-
Target
correioseletronicoHXLKWUGYEZDZ.msi
-
Size
21.2MB
-
MD5
bf8e278fdcb2510822c07b45281eb7c1
-
SHA1
c937f2370260ff90367bb52c90db783eb112899b
-
SHA256
cb704305afe6f0f5869d8cabc63437fae2ec58293661d3ad486d3d77f83d7bca
-
SHA512
68bea78f6270ce245ca9429d9bb60ed7e0d455870d53f243f72b0581a082724bb1f4dc6e4a54a6acd46cd1db6c1de1835caf83f3fe1b88dd41f3b078b5b7872f
-
SSDEEP
393216:qZe+/s2bE9uf7bQRLbiKn0M3bhVKQnYjNJdRkDEmtHg:+bE91biCoQr4me
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-