d4a209ac6981db5c2d7dd8aa7392564cfbcca8bc66e19ee5543ab345d82f0529 | Triage

Sharing

General

Target

TelegCN4.12.msi
Size

56.3MB
Sample

230809-n46ggaba62
MD5

990f66c0fd150ec9a1a807326f71dc5d
SHA1

56aeed18f7e9ac71cff0111231d2a32d465737bb
SHA256

d4a209ac6981db5c2d7dd8aa7392564cfbcca8bc66e19ee5543ab345d82f0529
SHA512

dacbf464731627f221aa40ba7bdb76b703a97910bad93583d20ac930b467f1f311f21512bede6096b0556e7075fd136bc0c3145fa392f6e2523527ed0f9632b0
SSDEEP

1572864:zii8ks/kE4Gbo3uZvS/FWhEjVIouVzJ2VT6CWJLrVWQTsm:zNc/+R+Z6/FfjVI3V92VTE5q

Score

10^/10

Malware Config

Targets

- Target
  
  TelegCN4.12.msi
- Size
  
  56.3MB
- MD5
  
  990f66c0fd150ec9a1a807326f71dc5d
- SHA1
  
  56aeed18f7e9ac71cff0111231d2a32d465737bb
- SHA256
  
  d4a209ac6981db5c2d7dd8aa7392564cfbcca8bc66e19ee5543ab345d82f0529
- SHA512
  
  dacbf464731627f221aa40ba7bdb76b703a97910bad93583d20ac930b467f1f311f21512bede6096b0556e7075fd136bc0c3145fa392f6e2523527ed0f9632b0
- SSDEEP
  
  1572864:zii8ks/kE4Gbo3uZvS/FWhEjVIouVzJ2VT6CWJLrVWQTsm:zNc/+R+Z6/FfjVI3V92VTE5q
Score

10^/10
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3