00335ac2ede76fa9f1a1c7fce54cc57263c594bcf14708d752b6d5b88015332a

Sharing

Copy URL Twitter E-mail

General

Target

ad7d96809f5af4f07287784cc9174b43
Size

10.5MB
Sample

240229-c8ptqsbg52
MD5

ad7d96809f5af4f07287784cc9174b43
SHA1

86e4f76a12f38312eea6c014d64f5bc2ce8d8945
SHA256

00335ac2ede76fa9f1a1c7fce54cc57263c594bcf14708d752b6d5b88015332a
SHA512

4b8c9c7c03e735d018ae1f3056e1935ecbe8e9cb9ffa8ac78e95f87e38aecfb2a81bc8a60f09dc12a1905e77aec8594d00286987779ff03292132dcd1d1c08e3
SSDEEP

196608:A5q/nh0QTjRYylBu+8a4ErfGTqwCZOFyXlIeIC3+Rj3VKampZ25YfvnLaLp/I6Z5:AQ/nh0QTjRhpOE7AZCUFkII3cKamL25D

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  InstMsiA.exe
- Size
  
  1.6MB
- MD5
  
  22098231992c8c808543825e19dc9454
- SHA1
  
  e739c40d747e7c27aacdb07b50925b1635ee7366
- SHA256
  
  536e4c8385d7d250fd5702a6868d1ed004692136eefad22252d0dac15f02563a
- SHA512
  
  06cd0f608d57b4620b2c14b6a96740fa624b178d39f0fc6f3dae4032d7bdd5b0d89986f86e1cc7952209655512023b5264d7c2ac7e4fae91e738be25928a63a9
- SSDEEP
  
  49152:Ou0LSVHASxN9aD7sOP93ZPaZRNsa95ZN5H:d0mVgSxa872avR
Score

7^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2
- Target
  
  InstMsiW.exe
- Size
  
  1.7MB
- MD5
  
  53820efbc952107ee1a38be6cd5aa3f0
- SHA1
  
  4fc3bf0dc96b5cf5ab26430fac1c33c5c50bd142
- SHA256
  
  4c3516c0b5c2b76b88209b22e3bf1cb82d8e2de7116125e97e128952372eed6b
- SHA512
  
  bbd9a3a11b90b309e1d94541f9cc373acd79bea7a452f3fc2f1c8c83861f7af4d02666beec16f07451b6abe253c58f879da089ff48aca3635247978db98abf44
- SSDEEP
  
  49152:eFxErb1F2gqQF6d8RrycC51DtuoIwgpXIfWzbnoP2qDAp:GGb1FLqQF6dWry//DthQiooP2qDAp
Score

7^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral3 behavioral4
- Target
  
  MSIcn.msi
- Size
  
  133KB
- MD5
  
  e89329d25f1e212946e655eafe7fceb7
- SHA1
  
  07dc76d4005e4724226bd4adfd65ee0d72bf95ad
- SHA256
  
  0c757a9e61034ff5c8fe65f708ee715b3fcae14132346fdf33154b66770e9723
- SHA512
  
  84b8b6faf4f5001c2294e652b5bfe630bc2b7a595c3cce8fea0552c70a040508e1c6f49d76d735b10c2a69a6847f5ed539a24e408c594770c69d61fde4f2d499
- SSDEEP
  
  1536:bWFtC7FSUHlXAcKxT1ZIBxIQJKqECeLtvjBEJknmwQjHTwFpLTn+dWNgHrzzlzzU:yCZXtKxI0CzEC0rBdm3UFp
Score

6^/10
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral5 behavioral6
- Target
  
  MSIen.msi
- Size
  
  135KB
- MD5
  
  19413fa11237964f73f90b0856ac1b73
- SHA1
  
  044f979207273b85d311b1fd2b1731e0180cf5d4
- SHA256
  
  f11bf139fee3acd830893198c9c29b0b025ae8cace2f914660286c8ea60f7970
- SHA512
  
  4d9d209fd4db3f1ae29fb8807baf8e9b9f6436f9595a297552342303cf0d41855fe4d33ffb8446a2e1226bce163b11f58c2299f8ed6a5368b6ac8af0a5e55dfd
- SSDEEP
  
  1536:FWFtC7FSUHlXAcKUT+ZIBxIQJKqECeLtvbBBml9Fp/uMpT:ECZXtKUR0CzEC0DBBml9Fp
Score

6^/10
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral7 behavioral8
- Target
  
  MSIfr.msi
- Size
  
  137KB
- MD5
  
  315ef3953101e77d99f3394dbcd96e10
- SHA1
  
  b1a941715c6f717949626f89f7198e4fe71c87b5
- SHA256
  
  8196434bd037073738258442f9147eea048273d5878e78896ce2d1c0b280c1df
- SHA512
  
  c964341e0c8ac1f72913abe8ee71f1c3ec8d3201dc694480f61ad7a537a08373737a466b0145ba0b830ce3ebe07aba831a82eb022b992ef83096ad0d1c1f1343
- SSDEEP
  
  1536:iWFtC7FSUHlXAcKlTnZIBxIQJKqECeLtvIBPme73tFpzOGQaIhQQhqLh0QQhQQhq:DCZXtKlO0CzEC0wBPme79Fp
Score

6^/10
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral10 behavioral9
- Target
  
  MSIge.msi
- Size
  
  136KB
- MD5
  
  39175e0f9c1eb58ba36c6b2a9025b538
- SHA1
  
  b636729ef37bd1946d7dfedd703359b33ef81589
- SHA256
  
  f138a9f8bccc981079e7a920d82966af1f45ca5d21a8660b9caa4f251ae4b803
- SHA512
  
  dbb74b170903bfa6ea49bd2e639ecf91ccc346a35e8568ac487fd00324181e567e88a9ec5b35f4786bf633eca5e72bf308fa584d509568e62251c47642cef07d
- SSDEEP
  
  1536:kWFtC7FSUHlXAcK6TnZIBxIQJKqECeLtvZBdgmVXWFp/JUQmuhQQhGWQQhQQhGET:dCZXtK6O0CzEC0RBamVGFp/
Score

6^/10
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral11 behavioral12
- Target
  
  MSIit.msi
- Size
  
  136KB
- MD5
  
  9a3dd1be1950df2971f211d81836f2b2
- SHA1
  
  35e017037485516ace21df4598279b8c7a8e9a1c
- SHA256
  
  8f9fd8f143a75aed6fee28406b0d7de8304903db94fd361731711ee6606692e6
- SHA512
  
  c2a809a7afc279cb97281fc4ff1f67e6bc4495f83917553a2791f2a725b4b8ad394c388f507d85c7a87a20b1709dc8df456ef0eeb9759ef85dc6b1c8b93ce0f2
- SSDEEP
  
  1536:fWFtC7FSUHlXAcK2T1ZIBxIQJKqECeLtviBhmVFFpKyQS8hQQhiOGQQhQQhi:uCZXtK2I0CzEC0aBhmLFp
Score

6^/10
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral13 behavioral14
- Target
  
  MSIjp.msi
- Size
  
  136KB
- MD5
  
  518c9765738bc50e2deb6229dc67d235
- SHA1
  
  99b57bc32b795f622d1397368da91f444570abcf
- SHA256
  
  71ebbd8035cd45550941954cfe97e7239b52fa331c19b91688b2241dc6973ada
- SHA512
  
  48cc20360bb7e534aee4800ddf9e53d0d1a913799d7266730fe86164052c6c5c54e062ab7fe9cdb6bd5e9b76fd5f878bdd66ee99d5788d1f514ca52d99c694f2
- SSDEEP
  
  1536:QWFtC7FSUHlXAcKKTnZIBxIQJKqECeLtviBamSFpnbQsvhQfhqhgAyQfhQfhq:hCZXtKKO0CzEC0qBamSFpn5
Score

6^/10
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral15 behavioral16
- Target
  
  MSIko.msi
- Size
  
  135KB
- MD5
  
  76060cba2e4135cbfb25b221f7ff470c
- SHA1
  
  7e9ea02755a697fd10d14162ad6edd288de3aea2
- SHA256
  
  ded65f7c3d3d65b5c3656b575f4ef27adb04056aa3ed1bc855b035215cf2a86f
- SHA512
  
  f2810205ca6524db0f407b3a015a77c6b0a503d335a55688dfe55406e7e9f694354580546ebf61573f63a5e230e634980616bd86fe77bef1b180d3e6b768bd90
- SSDEEP
  
  1536:5WFtC7FSUHlXAcB1T5ZIBxIQJKqECeLtvDBvGVmRJFpqXkCQD2hQfh4FvQPQfhQs:gCZXtB1s0CzEC0LBumRJFpqXro
Score

6^/10
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral17 behavioral18
- Target
  
  MSIsp.msi
- Size
  
  136KB
- MD5
  
  28753be349279aa909d8bd5ba9892f3b
- SHA1
  
  92f1687cada33c2dab4d74fedc51d0c7004f0d2d
- SHA256
  
  ae05fa49c18c9500b98499efaab9b1adab80fd156569b6e3235fee7971c9632f
- SHA512
  
  94704a13d920668d9b47b244249fdc6312f1127b89c2024745da89b61f0b2abcb003d93a0f55bf74998255878c10df906d64404f04bc0ef06dc6d0c17b83e0fb
- SSDEEP
  
  1536:WWFtC7FSUHlXAcKxT+ZIBxIQJKqECeLtvWB3mT/+H3Fp0EyQS8hQQhilQQhQQhi:fCZXtKxR0CzEC0OB3mEFp0
Score

6^/10
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral19 behavioral20
- Target
  
  MSItw.msi
- Size
  
  133KB
- MD5
  
  388ea28b205625e7d78219b7a2ea7d80
- SHA1
  
  18ae0674ea07dd64460ecda9fc84943f44ea0966
- SHA256
  
  7214dee74c95fdc67147a4d63aa5df635c22efa5971cc6ccc64e42cf711b1a1f
- SHA512
  
  3af9fdaba160f965b7fb11ed842a70a3bd2f345245f6ab867b7d2a3c2f0e47dc714b94aaa83fbe1da1fc6a157fb777bb0f1767ac07730f9a1ca949d043b72726
- SSDEEP
  
  1536:3WFtC7FSUHlXAcKRT+ZIBxIQJKqECeLtvMBDim+mFp+WQ+LhQQh8L+QQhQQh8Lx1:GCZXtKRR0CzEC0EBGmjFp
Score

6^/10
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral21 behavioral22
- Target
  
  _0200BEB4EFB34AC8AF68134E35F0622D
- Size
  
  12KB
- MD5
  
  f8a6018193be629b8ea4c5d7b2452b70
- SHA1
  
  a0d3257b9edfa8769cda28339f2ac7b7db14744c
- SHA256
  
  12e750559bd14b3940831377adc0deb0204d6d14fa1f2d0458b9f84d4a8f5a59
- SHA512
  
  a185450f0f3dc7e5f323f91c0d1b53709009645a60f2961c31406e247d7a0225b01cc03cfb117248eb52a07eaaafe141ff47f3e2630eef707023417d490daa42
- SSDEEP
  
  192:PqN6aAxZSY5jFXD4t/Gw/4H0ia+mvJaeIS1TzDA7ZU/iAPPA6+jtQhRwdxM6MJ53:Po6qYZFXsHwHZuvJJvA7ZU/5Y6dqBS3
Score

1^/10
behavioral23 behavioral24
- Target
  
  _07F57D9CEFDA42F78AFA5E0E12E5A347
- Size
  
  408KB
- MD5
  
  faf9720d90c9fc464709fa65565e9337
- SHA1
  
  e9c48b22fbc797659e054f753462717a27449e47
- SHA256
  
  34157aea467281aaa834115dee2f0a8364f36dcebccf38b073ae140c701f3d5c
- SHA512
  
  ede6ba17f8cb42a5c250417d9555c9c717dc8369a95dff37cb6f0aef4fd0867c5618ef2942dc7ca109c8c2d026bb3dfaf2b6c87e499f22fa9a70f57f96e7a329
- SSDEEP
  
  6144:TV+owB4pCHkRedrhvbeAOuEGGjYaMjbo8L+ZSe1QJkGZyB2D1v2pTnh:5+o8g4v6AOuGj+/o8qZPUvuTh
Score

1^/10
behavioral25 behavioral26
- Target
  
  _1B4DC5A2E06842A2AF67D90F083EA79B
- Size
  
  18KB
- MD5
  
  6b9084b8125f776245f8080a0f5f92ec
- SHA1
  
  72ab2f42654c670dae53f8e75b6d5011bbaba525
- SHA256
  
  9830f7c286284753ca70d94ae90a40ab72a1fa89897eeae8b8c72e4f45de3aaf
- SHA512
  
  9ef5ce7656f524f643f1e882fbb1a540ae339633d23e77a66aeb3f0756bba93c6afaa3c9ada9727398e2180d04f7a7b0cc919037bee1ceaa8d01f8cdb60c6d8f
- SSDEEP
  
  384:UpcY8FpLGOTk5jLwPt92GLpNyoNNUxB4ahAS:IcJPjkBoDDyNFWS
Score

1^/10
behavioral27 behavioral28
- Target
  
  _2797A4C85C6646FB9F5D7699281AD20E
- Size
  
  43KB
- MD5
  
  9b79ebd53c1b255de73cc284c6cdde8e
- SHA1
  
  095fdb8d291c724c04cc90273a51f5bd4932377e
- SHA256
  
  cdfe9e6ce5f83db5d40a21a3aa1a6a449d34b19651d5dcc84de1394f0b115117
- SHA512
  
  6c750ae594c46f033ee51d294361e631766705544d8f4cf1669a768fe360c18018b26ac211cbc496a6be96ed3942a86d4c6ce121fad3edb933029965e16d24de
- SSDEEP
  
  384:xLP5TEO7L3bsHkBh9/XW/pwOUT+fJk1u4cOTpyJ6mTQT0JgfClMpgfXxWwezliaU:j7L3bsHQ9vepwvT+fJkk4PlhmYEe6
Score

1^/10
behavioral29 behavioral30
- Target
  
  _29F1BB2847B84F499F5F20825A00ABC4
- Size
  
  1KB
- MD5
  
  f0a0c01c26f07667d65441a2bb47bcc6
- SHA1
  
  39ee6cd14fe955b346e003ef316b45bfea5bbe60
- SHA256
  
  eb9b5fb8d5e2b7a846a7f4c5e961e9921e78c8d02a2aa6eecda5e5d920b1fb09
- SHA512
  
  deeff5a5ed39a5208e4b0501d2bf4ace5431d258e4984113564a1491ed3c764df6b3639c77f869181e22584da61f9f164c59a8c5b5ffa6304a8418d6a73a7534
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Enumerates connected drives

Enumerates connected drives

Enumerates connected drives

Enumerates connected drives

Enumerates connected drives

Enumerates connected drives

Enumerates connected drives

Enumerates connected drives

Enumerates connected drives

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32