aa7711cb400ab91e7d51a89f4ffafef0e629a7f74a033402f630daddd0bb9274 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ID-FACT.1692385502.zip
Size

5.8MB
Sample

230818-xr16naed91
MD5

f10df4e1ec0b13c3c022dd3725b54104
SHA1

1de66d9b1053d34a4590fd7fa91fbb0b7b97dce4
SHA256

aa7711cb400ab91e7d51a89f4ffafef0e629a7f74a033402f630daddd0bb9274
SHA512

90bc8fbc1aa0ef75006ea7bc2c5d450606a81aebd209e9d8cb064c2a2104e3bd07f6421ebaacb782ba1919049877de2826432c98b4a0bade8c50211196487721
SSDEEP

98304:YAdK5y/bUYjQ8XcXA3GVxK+M/432kPzKjCRlV5XdpzmWi6FmOK/5izzqT9tYyUaU:YAdK5ULXxqK+zPzfRlVN/zmIvKhiz0Y7

Score

8^/10

Malware Config

Targets

- Target
  
  FACT64dfc.msi
- Size
  
  6.5MB
- MD5
  
  ca3f82735312da34d28ccd26e30d9ec1
- SHA1
  
  e2328a6be8f69c2f2a113bfa0727a7fc4e4e8e04
- SHA256
  
  736448fc80de963a4ac66ddb0658863eb76ad0921015bf625a4e019cd8383081
- SHA512
  
  1026ef6f3e84b8733c4fcbe58b121364564e06519c8b6585b640ae3e6c5952408e7025281199259de5eaf2c33dc762f06712d672b342ccb4d1ad91bdf4ad925d
- SSDEEP
  
  196608:j293ocv5XMiGluKe8JJVtz78IpKpkJgJEm:j2aICzluKzpfVikiJ
Score

8^/10
- Blocklisted process makes network request
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1