79844e278d1e7db4d57274ee1af1d1908778481eac25df23edd4002780f1d99a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Sii_NopagadaFacMarzo.msi
Size

5.7MB
Sample

230605-ytt1ssbb8v
MD5

350591bf29ec642fa8c9025fa187bf9c
SHA1

52e182d5f6db7e244dc22dbdf676e14320ab1db6
SHA256

79844e278d1e7db4d57274ee1af1d1908778481eac25df23edd4002780f1d99a
SHA512

719a8554e147e8dad10f734abee27e12ba1ebf5aded26c15c7ab4493d4d33ce5240ebfecbf86e2a7c6ec7d5c7b77eb80271a9677b2429d4947ed4ee4dba424b9
SSDEEP

98304:fYs8nzxDbIKvS29klWAYyq2nvjeID2yZCFyR2EvyDJaY375w6q0ol82pgS89eneV:hAzxf1ElWAYyqwjJSsC02Ei73K6oMuni

Score

8^/10

Malware Config

Targets

- Target
  
  Sii_NopagadaFacMarzo.msi
- Size
  
  5.7MB
- MD5
  
  350591bf29ec642fa8c9025fa187bf9c
- SHA1
  
  52e182d5f6db7e244dc22dbdf676e14320ab1db6
- SHA256
  
  79844e278d1e7db4d57274ee1af1d1908778481eac25df23edd4002780f1d99a
- SHA512
  
  719a8554e147e8dad10f734abee27e12ba1ebf5aded26c15c7ab4493d4d33ce5240ebfecbf86e2a7c6ec7d5c7b77eb80271a9677b2429d4947ed4ee4dba424b9
- SSDEEP
  
  98304:fYs8nzxDbIKvS29klWAYyq2nvjeID2yZCFyR2EvyDJaY375w6q0ol82pgS89eneV:hAzxf1ElWAYyqwjJSsC02Ei73K6oMuni
Score

8^/10
- Blocklisted process makes network request
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2