325ff3e235cd4da73fb0c17b0dee3882999a5961a24f755d91ab33a321066670 | Triage

Resubmissions

11/07/2023, 18:05

230711-wpa11sad45 8

11/07/2023, 17:48

230711-wdhaysbd4v 8

Sharing

Copy URL Twitter E-mail

General

Target

STCPClient5.2.0.0Ticket-PTB.msi
Size

21.9MB
Sample

230711-wdhaysbd4v
MD5

f0ee20fa898eb1a9d3eabbfb9f5e2dcc
SHA1

741e580f6ae7581f6b736a4bf3e186adb5ca4bdd
SHA256

325ff3e235cd4da73fb0c17b0dee3882999a5961a24f755d91ab33a321066670
SHA512

eb601b86f80874765b63c35caca2b0d0b12d519a7f2b18b0bae48de98c1175eaefd3851aac49e370d2a97c7f2503d6f8731ece3871cab66715ab573f5ee2f9d0
SSDEEP

393216:kRGXee48P3i85cB+v9CU4rHn84ZASpsBeMEO6PtU/WBHNJ9433CZfK:VuG/igc0v9B4r4rBeMEO6PtYWBL94YfK

Score

8^/10

Malware Config

Targets

- Target
  
  STCPClient5.2.0.0Ticket-PTB.msi
- Size
  
  21.9MB
- MD5
  
  f0ee20fa898eb1a9d3eabbfb9f5e2dcc
- SHA1
  
  741e580f6ae7581f6b736a4bf3e186adb5ca4bdd
- SHA256
  
  325ff3e235cd4da73fb0c17b0dee3882999a5961a24f755d91ab33a321066670
- SHA512
  
  eb601b86f80874765b63c35caca2b0d0b12d519a7f2b18b0bae48de98c1175eaefd3851aac49e370d2a97c7f2503d6f8731ece3871cab66715ab573f5ee2f9d0
- SSDEEP
  
  393216:kRGXee48P3i85cB+v9CU4rHn84ZASpsBeMEO6PtU/WBHNJ9433CZfK:VuG/igc0v9B4r4rBeMEO6PtYWBL94YfK
Score

8^/10
- Blocklisted process makes network request
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1