a19b73fe0c57ceea5b4da90b036a23da1b4a4032c8ab86013a4fb6861cd71695 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Nutanix-VirtIO-latest-stable-x86.msi
Size

9.1MB
Sample

230720-krh9maea84
MD5

d3ad36f7de4b580341febdb32263ca3b
SHA1

b67b0f70276c1897570f238e8b221c6c5a89ce1a
SHA256

a19b73fe0c57ceea5b4da90b036a23da1b4a4032c8ab86013a4fb6861cd71695
SHA512

5d3d3a7e614c6c16b1a0c2af2dbcab87e118bb2dd963d3f2c9d6aba998a51e3c7814bbcd47f3f3a78d50e38134bacc021c743791794377e00351c6098f397001
SSDEEP

196608:3zd7NoJRiCA5dgoJe160UvaHT0sCuz53apZm1EYtu:3FNEgCAzgoJ7tK0sP53yZ+VE

Score

8^/10

Malware Config

Targets

- Target
  
  Nutanix-VirtIO-latest-stable-x86.msi
- Size
  
  9.1MB
- MD5
  
  d3ad36f7de4b580341febdb32263ca3b
- SHA1
  
  b67b0f70276c1897570f238e8b221c6c5a89ce1a
- SHA256
  
  a19b73fe0c57ceea5b4da90b036a23da1b4a4032c8ab86013a4fb6861cd71695
- SHA512
  
  5d3d3a7e614c6c16b1a0c2af2dbcab87e118bb2dd963d3f2c9d6aba998a51e3c7814bbcd47f3f3a78d50e38134bacc021c743791794377e00351c6098f397001
- SSDEEP
  
  196608:3zd7NoJRiCA5dgoJe160UvaHT0sCuz53apZm1EYtu:3FNEgCAzgoJ7tK0sP53yZ+VE
Score

8^/10
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2