e078ae412412d6073a0426e617238b805ede3bb0684ddafa6e16ca9ab7e1560a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

m.msi
Size

5.7MB
Sample

230606-tapjraee34
MD5

23296eae22bcccc460bd2df322896692
SHA1

46c2661130427524c89c0ae94d4727f34f970389
SHA256

e078ae412412d6073a0426e617238b805ede3bb0684ddafa6e16ca9ab7e1560a
SHA512

20e56ced938d5b45f675b151c2d8d2a2de4e975537b96d4df8a8d04c0ccf0fb988f63ae6b2aaa33395e76c911acf00abb548c924ca5bc4418b62b417af2c1fc2
SSDEEP

98304:bYYtMbGawFCoAJPkUfickYc8E6W6U8wLJIPKxsyZKF6KNVWblNg4+gVdNeA:z2Gaj1eYcX8wLwKxsyZKoKNVWRhVd

Score

8^/10

Malware Config

Targets

- Target
  
  m.msi
- Size
  
  5.7MB
- MD5
  
  23296eae22bcccc460bd2df322896692
- SHA1
  
  46c2661130427524c89c0ae94d4727f34f970389
- SHA256
  
  e078ae412412d6073a0426e617238b805ede3bb0684ddafa6e16ca9ab7e1560a
- SHA512
  
  20e56ced938d5b45f675b151c2d8d2a2de4e975537b96d4df8a8d04c0ccf0fb988f63ae6b2aaa33395e76c911acf00abb548c924ca5bc4418b62b417af2c1fc2
- SSDEEP
  
  98304:bYYtMbGawFCoAJPkUfickYc8E6W6U8wLJIPKxsyZKF6KNVWblNg4+gVdNeA:z2Gaj1eYcX8wLwKxsyZKoKNVWRhVd
Score

8^/10
- Blocklisted process makes network request
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2