General

  • Target: ff5a156c1fd9675a8c4a6a589678bebd.bin

  • Size: 18.9MB

  • Sample: 230510-cn36madh64

  • MD5: ea362427ca573a0bdf21faa251042934

  • SHA1: 1f613dc6e09893834008564370f8942dfb1c889d

  • SHA256: 31390612ef9bb797b322abca1692056988202a3fea43516af13ffa4739e70c95

  • SHA512: 4590f174d09604187148e5c689a5933d7228b3438ee1c66785ad17c64d99f9fad2047db7ede01dd31801267482b549081418fd8b79ef80d00c6a879630c09a5c

  • SSDEEP: 393216:c4jz3XoO+unyVwJkU3WxJR1928DFaahli/6a75hZjVjJzzY1ZxoXT+gLsE1NLvNs:dz3Rnlv3iv99k4lm6athvROA3xzvNs

Score
7/10

Malware Config

Targets

    • Target: 02d266017daa63108d520772e541f73a41b6d93808995d724a3e14db53696edc.msi

    • Size: 19.6MB

    • MD5: ff5a156c1fd9675a8c4a6a589678bebd

    • SHA1: 88bf6caea151239474594fda19b35bdb54913c53

    • SHA256: 02d266017daa63108d520772e541f73a41b6d93808995d724a3e14db53696edc

    • SHA512: 901b5ac9d0257878ffe3c9a1caadeb876574fa6fe0bf44384b78df85d31295455e70531c01467c64dbb6d39677be537fee20f7bd7f6428e45ff2b30b146a199e

    • SSDEEP: 393216:C/NsGGTOs66JMk/XiepGEWyfrGlj40TESxPQBPA9wR43yl:57OsjyFeBzyJTE6P4AG7l

    Score
    7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks