160096748e6c23f97fde1b7dca24663118daf8830f589bf59fc2b758634463fd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

nf.msi
Size

1.9MB
Sample

231128-hwhgsagb3y
MD5

a72aad1cccb561e4085616f3d3f0d32b
SHA1

87559b6511a2ad751d8dc1ef59a7cccd184a647e
SHA256

160096748e6c23f97fde1b7dca24663118daf8830f589bf59fc2b758634463fd
SHA512

3e1b0674f8af9b39e74d55e3f3000ad2b2ef04e6b6c7d6a6746dca8eaa06b53b73666895dbab2d21b9bb1be6e5e9a105db7d06da40c0402d0245071418aba9f3
SSDEEP

49152:3XKCvosTi0sOAZnWk7fNQGqAO5WynKsQTVWEdVxyJpMRIv/BoaTzuVJHsgsFJY:zcODA6AOY2Kxq/BonEY

Score

8^/10

Malware Config

Targets

- Target
  
  nf.msi
- Size
  
  1.9MB
- MD5
  
  a72aad1cccb561e4085616f3d3f0d32b
- SHA1
  
  87559b6511a2ad751d8dc1ef59a7cccd184a647e
- SHA256
  
  160096748e6c23f97fde1b7dca24663118daf8830f589bf59fc2b758634463fd
- SHA512
  
  3e1b0674f8af9b39e74d55e3f3000ad2b2ef04e6b6c7d6a6746dca8eaa06b53b73666895dbab2d21b9bb1be6e5e9a105db7d06da40c0402d0245071418aba9f3
- SSDEEP
  
  49152:3XKCvosTi0sOAZnWk7fNQGqAO5WynKsQTVWEdVxyJpMRIv/BoaTzuVJHsgsFJY:zcODA6AOY2Kxq/BonEY
Score

8^/10
- Executes dropped EXE
- Loads dropped DLL
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2