8fb638acce77d9ffa18ec67aa89d3363166d97770de21f022e363e7536f0dfaf | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ID-FACT.1676385535.zip
Size

7.6MB
Sample

230214-r6chysde8v
MD5

85b9bb33403a1cdb5f39ca2b3447c63d
SHA1

0a88b47926a5ce20f4b1d08ac948698d5334c045
SHA256

8fb638acce77d9ffa18ec67aa89d3363166d97770de21f022e363e7536f0dfaf
SHA512

7224910ded13499918be777f9f2f33ad1f170f63d3dc37664886814e3b588d44f9246efee65b8d341252d3e2096980ea954b62bb703c61c4bfc5ffe72fd85586
SSDEEP

196608:CSHGmlvPxR7dytlv8XmPW/8gcFO17ovY/o:5mmlRJdyvUXpdovYg

Score

8^/10

Malware Config

Targets

- Target
  
  FACT63eb9.msi
- Size
  
  8.5MB
- MD5
  
  8f675ae0527093724c07edf26659a6f4
- SHA1
  
  1c266b914a1dcd40fa2063f31575d169bdbffe31
- SHA256
  
  56c3d1b1cf857948ea902f3dec47b29a7c84905d1533d26c1b11175a6c828649
- SHA512
  
  fd7c4f323e548804e6a1830f62997e3ac5a4a40a96bd608aa86a0d2f6b1d49bbfda6d8b35a63f69758e965e7376b84bcb0af7b5b3f62d31a2999aa060f3a6d80
- SSDEEP
  
  196608:ZssmTbjbV7bsHn2HA3Ydwx8OAWYdrQg2PbSh+xk:ZssmTjFbsWg35HYdUgh
Score

8^/10
- Blocklisted process makes network request
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2