General

  • Target

    CFDI_880KbHWtQil8I.zip

  • Size

    4.0MB

  • Sample

    230523-zkmqssab91

  • MD5

    76755657de29a7c86c86b38b9b813c42

  • SHA1

    220a59fa3794533403c8aede2b117f434abc80fb

  • SHA256

    21b2d75fa80d35a06ef7b0a07b6c61f53b4eb8d92515c6c836afea942cb91adc

  • SHA512

    a0f133e21806fc0a57b80516ee8e339f10de3a8929197bebe5190b73081fcfcde1529052caa0ab92beb825b38a7fc4efe4f695161822682c15bc1a3bb32f9f1d

  • SSDEEP

    98304:ZSXv6ej0Tv/QS8GAY9dkCoUskr9tejgd1iZ8:ZSXv6eozQSVuYfr9tz1iZ8

Score
8/10

Malware Config

Targets

    • Target

      DEFn_149.msi

    • Size

      9.5MB

    • MD5

      d31d87002fef6fb66eab17abd28463ab

    • SHA1

      e2d03becbd001f58b0db4bf6df89d621f049c156

    • SHA256

      be279b451718f30e58e970a82bf7af0c64b26027994af9a5bbf92e222ac4906f

    • SHA512

      e9dd080a891d3dc05e8d4edcef46e1943173ceec335c4626a3513085980b58d8c00379e6b5f370a5cdb490abde9bf2a7a2770e6887766f9744438f0e81f0c1c9

    • SSDEEP

      98304:l7mwfuJU7h2Q6lg5eA0NV0Pt6UFfzSERZGBu6bad/ARV9/RPH85N:l7Ce2Qqq47ERZsbamRd

    Score
    8/10

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
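The signature list above is the sandbox's labelling of what it observed. The following Python is an added example, not code from this report or its vendor, showing how four of those signatures ("Executes dropped EXE", "Loads dropped DLL", "Blocklisted process makes network request", "Adds Run key to start application") can be expressed as a single pass over chronologically ordered Sysmon-style events, the kind of check an analyst would run against endpoint telemetry after reading a report like this one. The event records, file names, PIDs, registry value and process blocklist in it are constructed assumptions; "Enumerates connected drives" is left out because directory reads of a drive root are not recorded by Sysmon's file events.

```python
# Added example, not code from the sandbox report or its vendor: applies four of
# the behaviour signatures listed above to an ordered stream of Sysmon-style
# events. The events at the bottom are constructed for illustration; the file
# names, PIDs, registry value and process blocklist are assumptions.

# Sysmon event IDs (real Sysmon numbering)
PROCESS_CREATE = 1
NETWORK_CONNECT = 3
IMAGE_LOAD = 7
FILE_CREATE = 11
REGISTRY_SET = 13

# Assumed blocklist: installer/LOLBin processes that should not normally open
# network connections on their own. The report does not publish its own list.
BLOCKLISTED_PROCESSES = {"msiexec.exe", "rundll32.exe", "regsvr32.exe", "mshta.exe"}

# Autostart locations under HKLM/HKU ...\Software\Microsoft\Windows\CurrentVersion
RUN_KEY_MARKERS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")


def _norm(path):
    """Case-fold a Windows path so a dropped file and later references to it compare equal."""
    return path.strip().lower()


def _basename(path):
    """Last component of a Windows path (works on any host OS)."""
    return _norm(path).rsplit("\\", 1)[-1]


def analyse(events):
    """Return [(signature, detail), ...] for the signatures fired by `events`.

    `events` must be in chronological order: a path only counts as 'dropped'
    once a FileCreate (ID 11) for it has been seen, which is what makes a later
    ProcessCreate (ID 1) or ImageLoad (ID 7) of that same path suspicious.
    """
    dropped = {}  # normalised path -> pid of the process that wrote it
    hits = []
    for ev in events:
        eid = ev["EventID"]
        if eid == FILE_CREATE:
            dropped[_norm(ev["TargetFilename"])] = ev["ProcessId"]
        elif eid == PROCESS_CREATE:
            img = _norm(ev["Image"])
            if img in dropped:
                hits.append(("Executes dropped EXE",
                             f"{ev['Image']} (written by pid {dropped[img]})"))
        elif eid == IMAGE_LOAD:
            img = _norm(ev["ImageLoaded"])
            if img in dropped and img.endswith(".dll"):
                hits.append(("Loads dropped DLL",
                             f"{ev['ImageLoaded']} loaded by {ev['Image']}"))
        elif eid == NETWORK_CONNECT:
            if _basename(ev["Image"]) in BLOCKLISTED_PROCESSES:
                hits.append(("Blocklisted process makes network request",
                             f"{ev['Image']} -> {ev['DestinationIp']}:{ev['DestinationPort']}"))
        elif eid == REGISTRY_SET:
            obj = _norm(ev["TargetObject"])
            if any(marker in obj for marker in RUN_KEY_MARKERS):
                hits.append(("Adds Run key to start application",
                             f"{ev['TargetObject']} = {ev['Details']}"))
    return hits


# Constructed sample events (not from the report): an MSI install drops an EXE
# and a DLL, runs the EXE (note the different letter case), which loads the DLL;
# msiexec.exe opens a connection, and the EXE registers itself under Run.
TMP = r"C:\Users\user\AppData\Local\Temp"
MSIEXEC = r"C:\Windows\System32\msiexec.exe"
SAMPLE_EVENTS = [
    {"EventID": FILE_CREATE, "ProcessId": 4100, "Image": MSIEXEC,
     "TargetFilename": TMP + r"\installer.exe"},
    {"EventID": FILE_CREATE, "ProcessId": 4100, "Image": MSIEXEC,
     "TargetFilename": TMP + r"\helper.dll"},
    {"EventID": PROCESS_CREATE, "ProcessId": 4212, "ParentProcessId": 4100,
     "Image": TMP + r"\INSTALLER.EXE"},
    {"EventID": IMAGE_LOAD, "ProcessId": 4212, "Image": TMP + r"\installer.exe",
     "ImageLoaded": TMP + r"\helper.dll"},
    {"EventID": NETWORK_CONNECT, "ProcessId": 4100, "Image": MSIEXEC,
     "DestinationIp": "203.0.113.10", "DestinationPort": 443},
    {"EventID": REGISTRY_SET, "ProcessId": 4212, "Image": TMP + r"\installer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": TMP + r"\installer.exe"},
    # Control: loading a system DLL that was never dropped must not fire anything.
    {"EventID": IMAGE_LOAD, "ProcessId": 4212, "Image": TMP + r"\installer.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
]

if __name__ == "__main__":
    for signature, detail in analyse(SAMPLE_EVENTS):
        print(f"[{signature}] {detail}")
```

The ordering requirement is the point of the example: "Executes dropped EXE" and "Loads dropped DLL" are not properties of a single event but of a FileCreate followed by a ProcessCreate or ImageLoad of the same path, so the check keeps state across the stream rather than matching events in isolation. Paths are case-folded because Windows file names are case-insensitive and telemetry frequently records the same file in different cases.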

MITRE ATT&CK Enterprise v6

Tasks