a7a147171d947572772c652c953ae618fc1714b7196ff96ab7e8f211d9500c83 | Triage

Sharing

General

Target

Radmin_Server_3.5.2.1_CN.msi
Size

5.2MB
Sample

230828-wzlv9sec52
MD5

9b50418cc0b51cce02334a96f847f231
SHA1

c54aaa89db5a2d66971dbc1a53332fd327ea98fa
SHA256

a7a147171d947572772c652c953ae618fc1714b7196ff96ab7e8f211d9500c83
SHA512

308a3544b18981c6c219cf9f1655a6ff8201e96730c555428d2c181da55df3972b7d1413f067f5cc3f53dd8ff944a55c34ea8854916eddd8856cd4fe06c7548b
SSDEEP

98304:8YYyT9KoryHppmhUIQetTyfgyFLx5yhwXQHEfhUP31KSvwWAUo:8uAorrhUI9t+1x5KrHEfhUP34SvwvUo

Score

8^/10

Malware Config

Targets

- Target
  
  Radmin_Server_3.5.2.1_CN.msi
- Size
  
  5.2MB
- MD5
  
  9b50418cc0b51cce02334a96f847f231
- SHA1
  
  c54aaa89db5a2d66971dbc1a53332fd327ea98fa
- SHA256
  
  a7a147171d947572772c652c953ae618fc1714b7196ff96ab7e8f211d9500c83
- SHA512
  
  308a3544b18981c6c219cf9f1655a6ff8201e96730c555428d2c181da55df3972b7d1413f067f5cc3f53dd8ff944a55c34ea8854916eddd8856cd4fe06c7548b
- SSDEEP
  
  98304:8YYyT9KoryHppmhUIQetTyfgyFLx5yhwXQHEfhUP31KSvwWAUo:8uAorrhUI9t+1x5KrHEfhUP34SvwvUo
Score

8^/10
- Blocklisted process makes network request
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2