General

  • Target: FACTURA_00J23RT50167S56T0rTI4i2.zip

  • Size: 6.1MB

  • Sample: 230710-llke6shf46

  • MD5: 215b1f8778353063d9e427e485eb5fb1

  • SHA1: 57d00d4e17f2c7bb9d3387f1ee8d8610e36de5f5

  • SHA256: 07ca0360b267698a9182188c52b457153773f3d9dc3411085714f70d24c4ff10

  • SHA512: 15bf85f1259691acb9a040c029b98ddd5d0a96debf9883be4a906b8351e527e6415b0e1774c4c781ac488c1a5aee76b2ae65e21ce5005a1cf0c6669a05769ef6

  • SSDEEP: 196608:JkkOfpCs0U22Wwo/T7h6kATfSwf+Go10XEmBUgufb+U2kCl:JlOfpCs2Zrh6k4fJmG6JgAb+Fk4

Score
8/10

Malware Config

Targets

    • Target: 00f1RT50167S56T0rTI4c2.msi

    • Size: 7.3MB

    • MD5: 9c03935079502fd8e9cdeb9c4ad4d332

    • SHA1: 84cbd726276cb692c0eaeef75238db3fb7d16554

    • SHA256: b40e0825b374d997e63a0544cabe0b318931eefbf681e1f51a2671a8394f86db

    • SHA512: bcf526c7ba6844218f1c48d5152d1934176a6af42d8605b6175f1e27ce7e4a0e207b2ab4d98282bf5522c86b065bef519d78fac4b0f58495de6011404dcd2341

    • SSDEEP: 196608:33ffvMQqki+YMyfNRl0XWZbOmzAgZeNfvGtHZAFxfTC:33ffvMgiFFl0XcbtMgZ8CCFM

    Score
    8/10

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks