81c97d2a482f8e0062f3e58d22dafedfcd973332f5e62d2511419a42cd9aa9d4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

openvpn-pc.msi
Size

84.5MB
Sample

240110-qgkycsghh6
MD5

23e65598bb77239edd9c1841ce68925e
SHA1

be7a9acd02ddb01b1a96e4da330551061a0491d9
SHA256

81c97d2a482f8e0062f3e58d22dafedfcd973332f5e62d2511419a42cd9aa9d4
SHA512

50845f2c4c1743bc4dd686e072701e656ad8ca554b214369f903d12b4cecca139a1682e373704ba995f9537511dda7fbc76fd2e99e16e90009a88912a0defa38
SSDEEP

1572864:xq/S2HNlMod7h2wRo9+XqAt2IQBK/C16TH25OrkUQH1mFmjoMH6tnFE90h:xq3tlMyHosaMdDPjMOrkH0m9qE90

Score

7^/10

Malware Config

Targets

- Target
  
  openvpn-pc.msi
- Size
  
  84.5MB
- MD5
  
  23e65598bb77239edd9c1841ce68925e
- SHA1
  
  be7a9acd02ddb01b1a96e4da330551061a0491d9
- SHA256
  
  81c97d2a482f8e0062f3e58d22dafedfcd973332f5e62d2511419a42cd9aa9d4
- SHA512
  
  50845f2c4c1743bc4dd686e072701e656ad8ca554b214369f903d12b4cecca139a1682e373704ba995f9537511dda7fbc76fd2e99e16e90009a88912a0defa38
- SSDEEP
  
  1572864:xq/S2HNlMod7h2wRo9+XqAt2IQBK/C16TH25OrkUQH1mFmjoMH6tnFE90h:xq3tlMyHosaMdDPjMOrkH0m9qE90
Score

7^/10
- Loads dropped DLL
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2