General

  • Target: ID-FACT.1688066171.zip
  • Size: 5.2MB
  • Sample: 230629-yrn2rseg66
  • MD5: bebafa308fe8ccaf590628375eda60d8
  • SHA1: 625ba0dd488cfa725063c1eb82252b4f0a047b5b
  • SHA256: 4d1b4b72f3f7b7ff57c313ef5519eac9c6b9dd622869d9d78de61089b15f4612
  • SHA512: a19983f27c0fd35634594588c89dfea14f4bd6e062b49cc05deb827ff96bf3e7869b196facb2a1c488f1782f13f995e92239a9db6e405a7a89590adc2bba2d3a
  • SSDEEP: 98304:N9QDLOexulernL/EqD4UxEsWVyN338W9xxXohv7lNzk2vWTuMvm:N9OFwiL/EwIsoyN3MaW3nvWTuMvm

Score: 8/10

Malware Config

Targets

    • Target: FACT649dd.msi
    • Size: 6.3MB
    • MD5: 75eb9ae7fcae998d57a577739580e0ec
    • SHA1: bc7d3fa2803547a99ee8eed90bd58d7ed232ba7f
    • SHA256: b9ba2cee26cbbeff4059a0f913b214a8958222344d9f6f7b7a3974da92c61aa5
    • SHA512: db9ee06823d8192e302c3e4b19a9088abf914d1e7b15af2dc2ebcd562390877b80881434d457961bc97fa3c340abd61d963c9a67a507c9b186702ba41c77e2ca
    • SSDEEP: 98304:CYMblo8poDJg29ereZhxF2GlKPdyH9913kbB7hbhMl1ztMEA6tulbxKO1fTC:GFpGXE4fF2yQSQnE1zmxfTC

    Score: 8/10

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks