726a3c93ca582a7f1c08d18efef856533b27b4a10f2f4b27860bdf1e8cd09de8 | Triage

Sharing

General

Target

d588c5f63420f894c8e959c0431eb8c3.bin
Size

5.1MB
Sample

230602-czst2ahh7v
MD5

d588c5f63420f894c8e959c0431eb8c3
SHA1

f83fcdc88ce864c134a6445489a90f3e5f33b0d3
SHA256

726a3c93ca582a7f1c08d18efef856533b27b4a10f2f4b27860bdf1e8cd09de8
SHA512

7126dc139f13683084cd3c9121c3eb66ea176007cc1d220fabdf6a74ed66893fa64494beb41fa43fb9d2e94320d764a723c75fab4aef2f4d20e325b0e66aec64
SSDEEP

98304:ABUPVRzpNWhkG+M0aIBwHLX8Sg0R2aaXERnX/0FCZzPXpSrRk:kgzpNY+MpkwHLr5pZz/pSy

Score

8^/10

Malware Config

Targets

- Target
  
  SiiMarzoFacturanopagada.msi
- Size
  
  5.7MB
- MD5
  
  fb5fe2eb324b21fd22597b12f6124e69
- SHA1
  
  a085c0f3ae01b807e8596b61057a4ad824ee2d45
- SHA256
  
  dcd729840ba364ad1134c607e21c657d0ec5e9716373ec3a8360422743347971
- SHA512
  
  5a046068953eba2854b11dd87ba0439fba2beddca50944515896aa410e820e4652a491550c2c7e744cffdeecbeedfec9e5b2d77f9b65ab4f4ce8c97926ad8e7f
- SSDEEP
  
  98304:tYqtM0yU8wtIhf+UJ0MgUsymBGtVH6RqKxsmjTyFSRDfNPMbhA:/RCdf+6iUpGGtV3KxsERD1PM
Score

8^/10
- Blocklisted process makes network request
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2