9a014178ddd4a0f7ec8cb639dd27f695d8599cb224efded5cd706faec9fb1e11 | Triage

Resubmissions

30-06-2023 17:49

230630-wd8g5seb76 8

30-06-2023 17:45

230630-wbqvbaeb69 8

29-06-2023 17:53

230629-wgaqaaed89 8

Sharing

General

Target

formularioimprimibleCLE.zip
Size

5.2MB
Sample

230630-wd8g5seb76
MD5

f857a8578bb0bc8bd9046dc95bb1904c
SHA1

50bbd3825571add8a74ec9efc35516410b7e33d4
SHA256

9a014178ddd4a0f7ec8cb639dd27f695d8599cb224efded5cd706faec9fb1e11
SHA512

0c93cabc02113980d6596d81b37db6b67d9abef52fc31768cbe56ecd59166fcf5fa79f38982fb87e0cacd2573bf68ee396200ccd73e79bce06747f5cc6f0d96c
SSDEEP

98304:kNN1LxxercOR4pZX7Wow5C/uFi4mYHKnn0Py5/CCo+vzm0JQ8WBiELXoDMbtvAj:oLxa6l7WoMCGM4BHI0y5/CCXvK42BiE4

Score

8^/10

Malware Config

Targets

- Target
  
  formularioimprimibleCLE.msi
- Size
  
  6.3MB
- MD5
  
  043dfa1567871c033c9514b544c7fef2
- SHA1
  
  97c9f86276885dcecc0e8108ebe4feef0a231518
- SHA256
  
  55ec807f6f52f3145fc046e64bcf4fa42ed595f10214f22025c07f7c900f3e4b
- SHA512
  
  a86ec480977715b8969d0b11c354acb7694526615006af9e5b1946997905464f0657cca614698cebcc6d7f5b866d6cb1c2220c2385c1bbbd9284f92c9c03d72e
- SSDEEP
  
  196608:u29Ik7oVQ2CAmYcA13ikoGhE4qLSupNxfTC:u2SMJ25mVA1xvzuLM
Score

8^/10
- Blocklisted process makes network request
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2