7a7d759f5ef31d2096cd341e778cc975da6c76f1989dba2c9623ed651189b7c4

Sharing

Copy URL

Twitter E-mail

General

Target

19ef6ed5fc447173740d956500819b51784815dd8ed8ea6a25972feb5c5d1fbe.zip.zip
Size

5.6MB
Sample

231107-rnqmvsha31
MD5

99f280354386903733c4d4cd7694f786
SHA1

d615c4b73ac8d3504d5e390bbe386dfc6253a9e1
SHA256

7a7d759f5ef31d2096cd341e778cc975da6c76f1989dba2c9623ed651189b7c4
SHA512

a5b74ed4a28b31c623331e549d8a33eb744dce8354232ea3a3e9c5847374a0952443f05d612823c6ec16e9732019801a969fce49dbbfc41ebb85460658b5420f
SSDEEP

98304:YYzGJt4Z95Xcl0GVEnipP5EN9s/OaGcv7cfCeMwqyk0zLBM4a7kmoQk/bs/r/KJW:Y4GJt4Ol0AAipxka/BcbMBr0zL24a7Kw

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  ChangeIt211/InstMsiA.Exe
- Size
  
  1.6MB
- MD5
  
  cd91a545478263b4e6902e7d5932077d
- SHA1
  
  7fbedfe34eec29469ef14d7cc2ef3554f69798e5
- SHA256
  
  5ab8b82f578f09dbccf797754155e531b5996b532c1f19c531596ec07cc4b46d
- SHA512
  
  2ad130fcb66d23c0059f4eee33de43b2b2cb2677b8ea3c62690b44398a66405518a21fb37f05c85a4f8de5c79ca0c70e48747b289e17b88ebc77f853a5d47e6a
- SSDEEP
  
  49152:WH/TMKsbxmkfhZ8t5/s2vNObkdmuqKx3+:K/TMKsbxm+Ut5/3v+z
Score

7^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2
- Target
  
  ChangeIt211/InstMsiW.Exe
- Size
  
  1.7MB
- MD5
  
  d0ef61e0a6eb919ba51229d14c3ef5d5
- SHA1
  
  1a924a2174265c6528a37ead0cfab1ca1a6feda0
- SHA256
  
  242daf8aeb1c8b1298316b6daeaac56a30ae48b199b759ba1e1d577bfefd61ab
- SHA512
  
  63d452615035b854d43bf30866bdd2c6b6daf4b783c1dbf90d180cdca6f52e5d15eb69458034d9773faf291c900fd70d1a00d0b14a5bef5685d9c2bd8eea72c4
- SSDEEP
  
  24576:SX3JecjJ/NoZytdDRx6uF9ngsHJ3TMQo1IfZ8Cu56xfWOfvo9wauZZHqeC/M4A++:SX3kANXVxq6y1YK7Y5WAvQwZZKeCk
Score

7^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral3 behavioral4
- Target
  
  ChangeIt211/Setup.Exe
- Size
  
  64KB
- MD5
  
  1b7af5de542aced976404383416f6722
- SHA1
  
  1f28ddc8dbfc58a6c627669e56673d914a9a6c5c
- SHA256
  
  f7fb208405fdbb321f10a161fc3b785706d2cea17b30d2d2196f03e900a79126
- SHA512
  
  04f3615149839cdd2737d6a837fc69d2ab181b94a4563b67eaf95d76b8a4009dba0f02b4bcefa1c5a5fb496dd80a15f373214e71c3612016f19265c3b28ddda5
- SSDEEP
  
  1536:Sv6jLwUkDK9VTR79jdqgr69rhswJlXOPJ6XcfU:SewUdV79jdaD+PJ6XcfU
Score

6^/10
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral5 behavioral6
- Target
  
  ChangeIt211/Setup.msi
- Size
  
  2.6MB
- MD5
  
  4f9df515ae78ce5ff936e5047fd8ffd9
- SHA1
  
  f4bfb904a1fed45c263835ec6c9a119904dd83c0
- SHA256
  
  03e6ab7185a323e370b5ea0dc995a2d442bf94a8d000dc9356bca843ef5ab5ff
- SHA512
  
  401d79a2bd312d301ca1e9759408ff60f4a397ea3894f50fe6bc06e938ef6f0ef59dfd21fd7f4a830b2ffa72c771cb2b180cf1648bab2bfa2c24f0601bac31c5
- SSDEEP
  
  49152:Nxdwlp9wErySoLlSdRCeZANV2W813YKQEa5sIX2ygT/84Wr:cp9wEALlqRCeZAWnpYKQEaeM2yL4Wr
Score

6^/10
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Enumerates connected drives

Enumerates connected drives

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8