6719c4bd451f0c988e20c4e6d4773c015fd98f2882ac1342ef4d48f31bde6cfe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

FACT63eb9.msi
Size

7.2MB
Sample

230214-w2l9tafb99
MD5

d5ad2aed1360f13721756a52a9a47d12
SHA1

c3e11b221dc4591a4e8a5634d4a66b77ff8171c9
SHA256

6719c4bd451f0c988e20c4e6d4773c015fd98f2882ac1342ef4d48f31bde6cfe
SHA512

d61a280b47910055ffed83af2f59ba4bc645c0f171c1a526259fe7d10773bdb928d32fe8a645b9e5a69d621e9583cefb1b8f5deb320facf0a911c8700475d177
SSDEEP

196608:s8/r1/apIF/njBNqpVjShyC5NKj/C1B3:s8/mIFvVNqp1SYkK/C

Score

8^/10

Malware Config

Targets

- Target
  
  FACT63eb9.msi
- Size
  
  7.2MB
- MD5
  
  d5ad2aed1360f13721756a52a9a47d12
- SHA1
  
  c3e11b221dc4591a4e8a5634d4a66b77ff8171c9
- SHA256
  
  6719c4bd451f0c988e20c4e6d4773c015fd98f2882ac1342ef4d48f31bde6cfe
- SHA512
  
  d61a280b47910055ffed83af2f59ba4bc645c0f171c1a526259fe7d10773bdb928d32fe8a645b9e5a69d621e9583cefb1b8f5deb320facf0a911c8700475d177
- SSDEEP
  
  196608:s8/r1/apIF/njBNqpVjShyC5NKj/C1B3:s8/mIFvVNqp1SYkK/C
Score

8^/10
- Blocklisted process makes network request
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2