f341fae5d857a9a7171570142632c0ee5de5b8c6b5f38bed57979a046910882e | Triage

Sharing

General

Target

FACT641ab.msi
Size

5.5MB
Sample

230322-j9f2jsfg22
MD5

32b29de93b7fd2a52da9b5ede896ca31
SHA1

17aa23016bbbdbc6ea3466abcde03320bd441461
SHA256

f341fae5d857a9a7171570142632c0ee5de5b8c6b5f38bed57979a046910882e
SHA512

e6615899174e347531afb405707aa0bbaaeda84d70a9bcad8d66a72475923a621bf454055c601759655dac641ee1fd26d92fff379f3ba7637586bc2e674db382
SSDEEP

98304:UYnB7YHduKT/GkUgUZpBoMfDM6NpQm9CKcgxqEarrkIzvDDulI+lEj+28+xwitMg:vB7YHduKqhrM6Qm9pHgrkKDD9Xc+ui

Score

8^/10

Malware Config

Targets

- Target
  
  FACT641ab.msi
- Size
  
  5.5MB
- MD5
  
  32b29de93b7fd2a52da9b5ede896ca31
- SHA1
  
  17aa23016bbbdbc6ea3466abcde03320bd441461
- SHA256
  
  f341fae5d857a9a7171570142632c0ee5de5b8c6b5f38bed57979a046910882e
- SHA512
  
  e6615899174e347531afb405707aa0bbaaeda84d70a9bcad8d66a72475923a621bf454055c601759655dac641ee1fd26d92fff379f3ba7637586bc2e674db382
- SSDEEP
  
  98304:UYnB7YHduKT/GkUgUZpBoMfDM6NpQm9CKcgxqEarrkIzvDDulI+lEj+28+xwitMg:vB7YHduKqhrM6Qm9pHgrkKDD9Xc+ui
Score

8^/10
- Blocklisted process makes network request
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2