531cd61b84c5923504d519f5f60991605438726230aeceab6a812fa987820783 | Triage

Sharing

General

Target

d6a0ec474c1a9be4762a34e045e12327301b0b1c70b25a0475572b138dfbee2e.zip
Size

139KB
Sample

231119-2d5n5scd52
MD5

60ccf3e9418550b16411de16db2c29e5
SHA1

281fd9b7758383896877171268ba3a6d1c93d9b3
SHA256

531cd61b84c5923504d519f5f60991605438726230aeceab6a812fa987820783
SHA512

f0f56970592d44294eb1fc7e7300905b632d8829e2cedf884ec024754f283ed34715aba10006609d1e6e24eadabdb555cedab425ed3154df05714ef36af61324
SSDEEP

3072:HFAKGpAB0gJ72zwQGMlgge06BKjdn71zlrkhbCnDKXOLK6PIsKd:HIa2zRBx6BKRn7VlrktXczW

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  d6a0ec474c1a9be4762a34e045e12327301b0b1c70b25a0475572b138dfbee2e.msi
- Size
  
  309KB
- MD5
  
  c9d54906e576c720fda1e23871435615
- SHA1
  
  b5ecb6f22678599320b29c67e3517981ee991634
- SHA256
  
  d6a0ec474c1a9be4762a34e045e12327301b0b1c70b25a0475572b138dfbee2e
- SHA512
  
  cf6a1d155429f48cdb8f5aaf23b086c5ac48588ada49184941b00fe9a7fad8f3f1413c48c74dc9ee39fcced57a1becfe7a02abd2ce09f48e5e67e9c3b4676935
- SSDEEP
  
  3072:1kxU0X04E6DG963DjY5AFwgz88ereWn/7w05g0ZCHbfIdn7k9uGkEp29wybtE7r2:1AIK3DjY5AQ8er1nzTubfIoZJ
Score

7^/10

persistence
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2