General

  • Target

    Nota Fiscal 0019891241007.zip

  • Size

    543KB

  • Sample

    240114-shd8babger

  • MD5

    82aa29ef937834f8824aecf8647abcb2

  • SHA1

    c83558c2e8a4f179802be1ae9eedc7ac630fe648

  • SHA256

    818d045f6ff8bb5b724aeb377a5872b6b39ba0c5c9eaa67e6870ae80010bea44

  • SHA512

    d26962aa7816df54702eae51fe042b0b45e138eb54e704b0999a44d90dfee84d226a8c0210a80d5eefa06f7d3a78907da28e694acbe4c132ecdcf508e609e70b

  • SSDEEP

    12288:sjHubAoCQFBuAeapp+egkt03qUGFa8N2WuGEx/Ba9UBHcd+5HIXS:sjHu0oCw5pX4qv52SEx/Ba9/2HIXS

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (exe.dropper)

    https://jucatyo6.autodesk360.com/shares/download/file/SHd38bfQT1fb47330c9911d55948da91b2ea/dXJuOmFkc2sud2lwcHJvZDpmcy5maWxlOnZmLnhsWHBlUVVCU2hhb1JVZlpvdE5uS1E_dmVyc2lvbj05

Targets

    • Target

      nf.msi

    • Size

      1.1MB

    • MD5

      d6d8c76b6638f4519ef9479055078a20

    • SHA1

      be4471d3c684e1d91aca19f3f0b1cba6c7db6971

    • SHA256

      8501cc18076fb71b8d394512d1bf32fc7cc00ad77a2d8b47bc175a337cc3129b

    • SHA512

      8ec7b06a69a8c510544b79c644ac6ff875ea47419339bcc71e7da36761f81c6308f7a69341834447580fb4417f17765e897c1f396b1727f4a8add1bb4eb8a9c0

    • SSDEEP

      24576:FUiYKztdfG8NQGafAtbe/IEFXsaV5C7eYVLsTPRDKeU:FUiYefNQGoARRaV5C77yPROe

    Score
    10/10

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks