Overview

overview

7

Static

static

1

9f8f58faad...d0.msi

windows10-1703-x64

7

9f8f58faad...d0.msi

windows10-2004-x64

7

9f8f58faad...d0.msi

windows11-21h2-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9f8f58faadcda3b49e371c1ae353b30b3713652b0ad8d05b57383142757a74d0.msi

  • Size

    2.0MB

  • Sample

    240319-tnf5jagb65

  • MD5

    ebae9b70769458cf723022ec89b95c32

  • SHA1

    3d3135b87fe274988b86f50d24bde82cc08556bf

  • SHA256

    9f8f58faadcda3b49e371c1ae353b30b3713652b0ad8d05b57383142757a74d0

  • SHA512

    3550c281fc8dcd8078caf6c0cef847280d6ec78216b0e018b01942e82c79499538f3a0553409e3c716edf584ff5c359ce991440bab14d4794f6ae3393788a102

  • SSDEEP

    49152:J3osY5A6b4ms+4UhbrMizYiRpb2mN3rm999OhjY:hY5A6bDhbrfzYiRNdm+

Score
7/10
persistence

Malware Config

Targets

    • Target

      9f8f58faadcda3b49e371c1ae353b30b3713652b0ad8d05b57383142757a74d0.msi

    • Size

      2.0MB

    • MD5

      ebae9b70769458cf723022ec89b95c32

    • SHA1

      3d3135b87fe274988b86f50d24bde82cc08556bf

    • SHA256

      9f8f58faadcda3b49e371c1ae353b30b3713652b0ad8d05b57383142757a74d0

    • SHA512

      3550c281fc8dcd8078caf6c0cef847280d6ec78216b0e018b01942e82c79499538f3a0553409e3c716edf584ff5c359ce991440bab14d4794f6ae3393788a102

    • SSDEEP

      49152:J3osY5A6b4ms+4UhbrMizYiRpb2mN3rm999OhjY:hY5A6bDhbrfzYiRNdm+

    Score
    7/10
    persistence

    • Drops startup file

    • Adds Run key to start application

      persistence

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

Tasks