General
-
Target
3a4ed249b17e7170639b0e111d2c2538be14d6480b2fc871768671543a9a5362.msi
-
Size
6.5MB
-
Sample
230820-vqlngagf74
-
MD5
16ad68fec4a21531f66cb1851a5f8b29
-
SHA1
7588befa547c3c6d8e87660963c7cee059d2c7fc
-
SHA256
3a4ed249b17e7170639b0e111d2c2538be14d6480b2fc871768671543a9a5362
-
SHA512
b90d7441273b6e6218d542a3425f5309624147f2cc21b2154ae217400941f81f679b240947189d1a9583a147c5d06f16f33cd899766024dbc2cebaf23dfb399a
-
SSDEEP
98304:WYK7UWa2PlWbO7Zc6johi8FM7Ed8DcI9wbdtR5bK1+yKmJKB2juND/IjvlftM0A:UIuDO625n8N9etPU//4/Ijvlf
Malware Config
Targets
-
-
Target
3a4ed249b17e7170639b0e111d2c2538be14d6480b2fc871768671543a9a5362.msi
-
Size
6.5MB
-
MD5
16ad68fec4a21531f66cb1851a5f8b29
-
SHA1
7588befa547c3c6d8e87660963c7cee059d2c7fc
-
SHA256
3a4ed249b17e7170639b0e111d2c2538be14d6480b2fc871768671543a9a5362
-
SHA512
b90d7441273b6e6218d542a3425f5309624147f2cc21b2154ae217400941f81f679b240947189d1a9583a147c5d06f16f33cd899766024dbc2cebaf23dfb399a
-
SSDEEP
98304:WYK7UWa2PlWbO7Zc6johi8FM7Ed8DcI9wbdtR5bK1+yKmJKB2juND/IjvlftM0A:UIuDO625n8N9etPU//4/Ijvlf
Score8/10-
Blocklisted process makes network request
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-