b40e0825b374d997e63a0544cabe0b318931eefbf681e1f51a2671a8394f86db | Triage

Sharing

General

Target

00f1RT50167S56T0rTI4c2.msi
Size

7.3MB
Sample

230710-d9xreahd6z
MD5

9c03935079502fd8e9cdeb9c4ad4d332
SHA1

84cbd726276cb692c0eaeef75238db3fb7d16554
SHA256

b40e0825b374d997e63a0544cabe0b318931eefbf681e1f51a2671a8394f86db
SHA512

bcf526c7ba6844218f1c48d5152d1934176a6af42d8605b6175f1e27ce7e4a0e207b2ab4d98282bf5522c86b065bef519d78fac4b0f58495de6011404dcd2341
SSDEEP

196608:33ffvMQqki+YMyfNRl0XWZbOmzAgZeNfvGtHZAFxfTC:33ffvMgiFFl0XcbtMgZ8CCFM

Score

8^/10

Malware Config

Targets

- Target
  
  00f1RT50167S56T0rTI4c2.msi
- Size
  
  7.3MB
- MD5
  
  9c03935079502fd8e9cdeb9c4ad4d332
- SHA1
  
  84cbd726276cb692c0eaeef75238db3fb7d16554
- SHA256
  
  b40e0825b374d997e63a0544cabe0b318931eefbf681e1f51a2671a8394f86db
- SHA512
  
  bcf526c7ba6844218f1c48d5152d1934176a6af42d8605b6175f1e27ce7e4a0e207b2ab4d98282bf5522c86b065bef519d78fac4b0f58495de6011404dcd2341
- SSDEEP
  
  196608:33ffvMQqki+YMyfNRl0XWZbOmzAgZeNfvGtHZAFxfTC:33ffvMgiFFl0XcbtMgZ8CCFM
Score

8^/10
- Blocklisted process makes network request
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2