6323a8db1327f5d7d5b0d1160a18d3216e4cc4e169db14cce7207163b735acb3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

squid.msi
Size

16.7MB
Sample

230704-ta18jsfa64
MD5

2025919c486437aca72b3499ac06dfd7
SHA1

5e2931bd047e77719d623995c51a83c8ddcd4432
SHA256

6323a8db1327f5d7d5b0d1160a18d3216e4cc4e169db14cce7207163b735acb3
SHA512

2dbe7f1a3f502041c4195f413a964732a1682299bfdcd66e129dae9ecfea266e47e737ac41c477b2b2c31181a9819d9ec0c87ae089adda5d345e0b3795c01c8c
SSDEEP

393216:sHDCHhrFoqIHlD+Nd61luPb6FYDWyj4goEpfZUiU:sjCHhxkH+slQ6FW74gpfCp

Score

8^/10

Malware Config

Targets

- Target
  
  squid.msi
- Size
  
  16.7MB
- MD5
  
  2025919c486437aca72b3499ac06dfd7
- SHA1
  
  5e2931bd047e77719d623995c51a83c8ddcd4432
- SHA256
  
  6323a8db1327f5d7d5b0d1160a18d3216e4cc4e169db14cce7207163b735acb3
- SHA512
  
  2dbe7f1a3f502041c4195f413a964732a1682299bfdcd66e129dae9ecfea266e47e737ac41c477b2b2c31181a9819d9ec0c87ae089adda5d345e0b3795c01c8c
- SSDEEP
  
  393216:sHDCHhrFoqIHlD+Nd61luPb6FYDWyj4goEpfZUiU:sjCHhxkH+slQ6FW74gpfCp
Score

8^/10
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1