General
Target: harmless_Windows_Update.msi
Size: 7.5MB
Sample: 230515-t951sagd95
MD5: 99a83e21b443353cb7e7af34fe9b2aca
SHA1: 2ff2d7099606a4fbeec1adb9d80e7f4d46a74534
SHA256: deec97bb19aac63240ec1519358acd150eb22ad4c728d5566fb2255f8696019e
SHA512: 0218afbd509f45d484edd5397bdee8a0e299b53298d40867fa284ae973d4b484082c7127cf1b0ebc65c815cb111df927ccb0055f5374056f6263e30683d9d975
SSDEEP: 196608:X0Bow2dd8WhtXXtQrHjzbalgfrzABA0DM2IsukuARWY8q:XQ6ddLxQHfgfA0DM2IGRWY8q
Static task: static1
Behavioral task: behavioral1
    Sample: harmless_Windows_Update.msi
    Resource: win7-20230220-en
Behavioral task: behavioral2
    Sample: harmless_Windows_Update.msi
    Resource: win10v2004-20230220-en
Malware Config
Targets
Target: harmless_Windows_Update.msi
Score: 8/10
Blocklisted process makes network request
Loads dropped DLL
Registers COM server for autorun
Enumerates connected drives
    Attempts to read the root path of hard drives other than the default C: drive.