Overview

overview

7

Static

static

1

nopagadanueva.msi

windows7-x64

7

nopagadanueva.msi

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    nopagadanueva.msi

  • Size

    19.5MB

  • Sample

    240228-z5ldgaeb59

  • MD5

    c0f6066a362f1f0a6bc04e0d16119ff8

  • SHA1

    b89ecfbadc421881b549dcbf87483784081c21a8

  • SHA256

    28b18c105c82cd23a71516cec81f6ffd6c2ea30ecbf3084cd7c54eb2f2a6a92e

  • SHA512

    41d92de4543767245658350c7fc9d4bbf2002a52194d72aafec98e621314b63727de146e20b68f48f29a25cb6ce2caf9ee9be6c823869dcc249d93141a309f64

  • SSDEEP

    393216:VLOTINI1t+huyjI7sMA8xdZ6F2W494kdw+re6pK7gpagVxtBqIRgF4MO0:NO0e1Qts7sMA8xdK/kvSP7gY6tBjBMO0

Score
7/10
upx

Malware Config

Targets

    • Target

      nopagadanueva.msi

    • Size

      19.5MB

    • MD5

      c0f6066a362f1f0a6bc04e0d16119ff8

    • SHA1

      b89ecfbadc421881b549dcbf87483784081c21a8

    • SHA256

      28b18c105c82cd23a71516cec81f6ffd6c2ea30ecbf3084cd7c54eb2f2a6a92e

    • SHA512

      41d92de4543767245658350c7fc9d4bbf2002a52194d72aafec98e621314b63727de146e20b68f48f29a25cb6ce2caf9ee9be6c823869dcc249d93141a309f64

    • SSDEEP

      393216:VLOTINI1t+huyjI7sMA8xdZ6F2W494kdw+re6pK7gpagVxtBqIRgF4MO0:NO0e1Qts7sMA8xdK/kvSP7gY6tBjBMO0

    Score
    7/10
    upx

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks