General

  • Target

    docFactura_Deuda_637095.msi

  • Size

    6.7MB

  • Sample

    230323-rrg5wsab5v

  • MD5

    17bd475e05e3cb4a0d179bc1135c9f92

  • SHA1

    0a6ec63337bfe3b65a1df72fdb4d0083c6f778c4

  • SHA256

    6f554f1194778df8d80b3b2ddce1ea2abe2d47f29a9c930792446ad242a3e8be

  • SHA512

    86fac5675563ada7308f7329b803939188f45bfc1ce15916ecb73064bf5ec0042ad0dbefb4031dcacb97f9dcb6325ea8c8fbaae1734c20107f5d3ca0c15395e0

  • SSDEEP

    196608:52H5CCN/8EoCE3i5BtPC0vv6iMOh0uTY:52H5J6tSBP9v6M

Score
8/10

Malware Config

Targets

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks