General

  • Target

    instal_DrivesSetup.msi

  • Size

    6.3MB

  • Sample

    230720-kq21caef2z

  • MD5

    809a1dd67facb5d3b20f8fe4734117ac

  • SHA1

    0f77871f0b242e8fe6026ec7b45eb067be3500ce

  • SHA256

    875036b61647ce94f069f005d120539ed8c72f09280d16cf17fe0a89c7dda87d

  • SHA512

    9042512854cc594b87a914f9d708bb4c15993ecf093bd272c5ca6030dd7ccdd625b2e64ce21e10e9478bf7083a57b1dccc0fad5613b41f4c6e1e692a3fcca0ba

  • SSDEEP

    196608:YTigt/xrCNCp538Yev5RlQWrgPNL/xfTC:Y2gt/1p6d5RlgFL/M

Score
8/10

Malware Config

Targets

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks