4c9dbf8ad11b96a8638b4476a73534c4477f6b91610b59476348a36fb0650de5 | Triage

Sharing

General

Target

enelfacturanopagada.zip
Size

11.0MB
Sample

231117-w68nlsdf7t
MD5

6c4274cb181fb85c3f8f9190c15f4220
SHA1

c7b85a4705a634c1bdbd66fbcc49c1e5825a1563
SHA256

4c9dbf8ad11b96a8638b4476a73534c4477f6b91610b59476348a36fb0650de5
SHA512

0de8c18f07933f9083fc39aecdfc910885f219f9445ec63fe62da3ab25dd0436d0a7697cd99dd768ee7523c84a93b8b493004e4f682d3abac7f75e7ecc85ea43
SSDEEP

196608:tNmAccoFmU9kCsikk6rt3OtrIc7xXjsXInAFclZ7f9vbARgwM0Hvyve1a0APW0om:WAIFmri4t38Ic7xFnA2NRARgw36m4P5t

Score

7^/10

Malware Config

Targets

- Target
  
  enelfacturanopagada.msi
- Size
  
  12.1MB
- MD5
  
  1c227f66ba9be0d8b241855ab970469f
- SHA1
  
  dbf8abb10d8bc81bd6a8ff00c9e0da82451e9faf
- SHA256
  
  8580240bd09f39ae2da96ad133449e66203fa481bf786107e8be5bbb151c91b1
- SHA512
  
  04ca4475701744843d5b4c0e6e35a45368d322834765b00841b35d09d7320773bd5e2bc5309e2f76292024e1afdf73fd4cdcf278a6dfa20ea2f013fa1d24a2d5
- SSDEEP
  
  393216:VmEIdgNKOHxSwalZiYEn5ela+RCMuD7ay:Cdg0ORIxEcpRJOWy
Score

7^/10
- Loads dropped DLL
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2