General
Target: balu.msi
Size: 8.4MB
Sample: 230221-19am7saf71
MD5: a8cd74892388fd177dcc73a4ffcc7597
SHA1: 1af61835c4e5dc78c93dad7b1352ff45350f1ae2
SHA256: 39227e6aecf35b9c34a44ca58e9896727c0fac8235cbf38ec49a3ccb701b8af1
SHA512: 71b40a4cf79b45c05ae89d1796ccf5e58661068a0507b4cbfe3c94490e4e12e5245b909c2309e05c053b654b13498d88bb28a7f0b051c726f8c3f2aa80914773
SSDEEP: 98304:cpTzVeiYMRg1+bdf1SUlRfD/m+IN/xcEfWPRhjMoskveTiTODI3aYJSBQOXlwv08:2Reeg12ddXnv8xPWPRXXROsKsSxXb8
Static task: static1
Behavioral task: behavioral1 (Sample: balu.msi, Resource: win7-20230220-en)
Behavioral task: behavioral2 (Sample: balu.msi, Resource: win10v2004-20230220-en)
Malware Config
Targets
Target: balu.msi
Score: 9/10
- Possible privilege escalation attempt
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.