General

  • Target

    avp.msi

  • Size

    1.4MB

  • Sample

    240503-s8jwgsdc95

  • MD5

    4d81be09c23e02fab7364e508c21c111

  • SHA1

    52cae521d7a808c8206f4b5afd6b037bc573b50e

  • SHA256

    dcae57ec4b69236146f744c143c42cc8bdac9da6e991904e6dbf67ec1179286a

  • SHA512

    4f5b4fdeb9a056025455ede8ee6e1757da8db64f9692df2a46558a3c04aaec551734b4d75803bbd579e1163b9aba5005f71c5efb22ee3d336779804a11b2b5a5

  • SSDEEP

    24576:BqKxnNTYUx0ECIgYmfLVYeBZr7A9zdfoAX+8UhxcS:Bq6TYCZKumZr7ARdAAO8oxz

Score
10/10
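The digests above are the report's file indicators. As an added example (not part of the original report), the script below hashes a file once and compares the result to those indicators; the hash values are copied from this page, while the file path and the `usedforsecurity=False` flag (to keep MD5/SHA1 usable on FIPS-restricted hosts) are assumptions. SSDEEP is not in the standard library, so the fuzzy hash is left out here.

```python
"""Check a file on disk against the hash indicators listed in the report."""
import hashlib
import io
import sys

# Indicators copied verbatim from the report's General section.
REPORT_IOCS = {
    "md5": "4d81be09c23e02fab7364e508c21c111",
    "sha1": "52cae521d7a808c8206f4b5afd6b037bc573b50e",
    "sha256": "dcae57ec4b69236146f744c143c42cc8bdac9da6e991904e6dbf67ec1179286a",
    "sha512": (
        "4f5b4fdeb9a056025455ede8ee6e1757da8db64f9692df2a46558a3c04aaec55"
        "1734b4d75803bbd579e1163b9aba5005f71c5efb22ee3d336779804a11b2b5a5"
    ),
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_stream(stream, algorithms=ALGORITHMS, chunk_size=1 << 20):
    """Read the stream once and feed every algorithm from the same chunks.

    usedforsecurity=False is an assumption: IoC matching is not a security
    use of MD5/SHA1, and the flag keeps them available in FIPS mode.
    """
    hashers = {name: hashlib.new(name, usedforsecurity=False) for name in algorithms}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes):
    """Convenience wrapper for in-memory data (used for testing)."""
    return digest_stream(io.BytesIO(data))


def digest_file(path):
    with open(path, "rb") as f:
        return digest_stream(f)


def match_iocs(digests, iocs=REPORT_IOCS):
    """Return the algorithm names whose digest matches the report.

    An empty list means the file is not this sample. Comparison is
    case-insensitive because threat feeds differ in hex casing.
    """
    return sorted(
        name for name, value in iocs.items()
        if digests.get(name, "").lower() == value.lower()
    )


if __name__ == "__main__":
    # Default path is an assumption; pass the real path on the command line.
    target = sys.argv[1] if len(sys.argv) > 1 else "avp.msi"
    digests = digest_file(target)
    for name in ALGORITHMS:
        print(f"{name:7} {digests[name]}")
    hits = match_iocs(digests)
    print("MATCH on " + ", ".join(hits) if hits else "no match against report indicators")
```

Matching on all four digests rather than only MD5 matters in practice: a sample can be trivially modified to break one weak hash while the analyst's feed still lists the others.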

Targets

    • Target

      avp.msi

    • Size

      1.4MB

    • MD5

      4d81be09c23e02fab7364e508c21c111

    • SHA1

      52cae521d7a808c8206f4b5afd6b037bc573b50e

    • SHA256

      dcae57ec4b69236146f744c143c42cc8bdac9da6e991904e6dbf67ec1179286a

    • SHA512

      4f5b4fdeb9a056025455ede8ee6e1757da8db64f9692df2a46558a3c04aaec551734b4d75803bbd579e1163b9aba5005f71c5efb22ee3d336779804a11b2b5a5

    • SSDEEP

      24576:BqKxnNTYUx0ECIgYmfLVYeBZr7A9zdfoAX+8UhxcS:Bq6TYCZKumZr7ARdAAO8oxz

    Score
    10/10
    • SSLoad

      SSLoad Unpacked DLL payload.

    • Detects SSLoad Unpacked payload

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
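The three behavioural signatures above (blocklisted process making a network request, drive enumeration, external IP lookup) can be expressed as simple detection rules. The block below is an added example, not code from the report or the sandbox vendor: it runs those rules over constructed endpoint events. The process blocklist and the list of IP-lookup services are assumed watchlists, and the page does not state which lookup service the sample actually contacted.

```python
"""Toy detection rules for the behaviours flagged in the report, run over
constructed endpoint telemetry (not events captured from the sample)."""
import re
from dataclasses import dataclass

# Assumed watchlist: processes that rarely need direct network access.
BLOCKLISTED_NETWORK_PROCESSES = {"msiexec.exe", "rundll32.exe", "regsvr32.exe", "mshta.exe"}

# Assumed watchlist of public IP-lookup services (hypothetical; the report
# does not name the service the sample used).
IP_LOOKUP_HOSTS = {"api.ipify.org", "ifconfig.me", "icanhazip.com", "ip-api.com"}

# A bare drive root such as "D:\" (any letter; C: is filtered out below).
DRIVE_ROOT = re.compile(r"^([A-Za-z]):\\$")


@dataclass(frozen=True)
class Event:
    kind: str    # "net" (connection), "dns" (query) or "file" (path access)
    image: str   # full path of the acting process
    target: str  # destination host, queried name, or accessed path


def process_name(image: str) -> str:
    return image.rsplit("\\", 1)[-1].lower()


def detect(events):
    """Return a sorted list of (signature, process, detail) findings."""
    findings = set()
    drives_seen = {}
    for ev in events:
        name = process_name(ev.image)
        if ev.kind == "net" and name in BLOCKLISTED_NETWORK_PROCESSES:
            findings.add(("blocklisted_process_network_request", name, ev.target))
        if ev.kind in ("net", "dns") and ev.target.lower() in IP_LOOKUP_HOSTS:
            findings.add(("external_ip_lookup", name, ev.target))
        if ev.kind == "file":
            m = DRIVE_ROOT.match(ev.target)
            # Reading the root of a non-C: drive is the signature's trigger.
            if m and m.group(1).upper() != "C":
                drives_seen.setdefault(name, set()).add(m.group(1).upper())
    for name, drives in drives_seen.items():
        findings.add(("enumerates_connected_drives", name, ",".join(sorted(drives))))
    return sorted(findings)


# Constructed sample telemetry, not a capture from the analysed file.
SAMPLE_EVENTS = [
    Event("file", "C:\\Windows\\System32\\msiexec.exe", "C:\\"),
    Event("file", "C:\\Windows\\System32\\msiexec.exe", "D:\\"),
    Event("file", "C:\\Windows\\System32\\msiexec.exe", "E:\\"),
    Event("dns", "C:\\Windows\\System32\\rundll32.exe", "api.ipify.org"),
    Event("net", "C:\\Windows\\System32\\rundll32.exe", "api.ipify.org"),
    Event("net", "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "example.org"),
]

if __name__ == "__main__":
    for signature, proc, detail in detect(SAMPLE_EVENTS):
        print(f"{signature:40} {proc:15} {detail}")
```

The browser connection produces no finding because neither the process nor the destination is on a watchlist; the drive check reports once per process with the set of non-C: roots it touched, which is how the "enumerates connected drives" signature is scored here.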

MITRE ATT&CK Enterprise v15
