a477fda8a78097e8546e5075a5d768f0077978d3410f6fb03fb93c33e1748c7a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

pending.zip
Size

404KB
Sample

230502-s1vb9add5z
MD5

710bf73777e20176d3ba32e69b24b458
SHA1

49088184b6f838b8c7b677ae1b52f12645048a46
SHA256

a477fda8a78097e8546e5075a5d768f0077978d3410f6fb03fb93c33e1748c7a
SHA512

d94d95a603488e8d934452194db50567f12198fbb7c5fb81fd605f9e1f307fe3478b055844b8cb55df0568e0dd3563767864e339b972133ce2466c60e9f77844
SSDEEP

12288:YFgZIAZsULQYhFc9f3AMrvmTs8Uk+7Bfvlx:HILWQY3c9fwMr+g9kGvv

Score

8^/10

Malware Config

Targets

- Target
  
  a95de370372249406f5fa4c9f23d9acb7cadb2690e265965586f335350b3fecc
- Size
  
  596KB
- MD5
  
  8403ebe786ee689c4c39d12bc5648a51
- SHA1
  
  8ae6b2938ff6b225b7634b793c47faeed7e1d00f
- SHA256
  
  a95de370372249406f5fa4c9f23d9acb7cadb2690e265965586f335350b3fecc
- SHA512
  
  3ac47dec19792bf9df950a782da9e92c986db3e46d9dfb42853908ef4282d01c0b9c5611028520254475e9498f6fc42ca98f30dbab0b4fdef972b00093746162
- SSDEEP
  
  12288:Puyi2V1O/DKoX20Wa7R/uWT8CuCvnMrC5Pw0lyWSeOWJiFQKVO8Wze5:WyDn4ma7R/aPCvMrCOwhHuHVO7ze
Score

8^/10
- Blocklisted process makes network request
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2