0fc59838280a5d1ee9fa531ed578473b4039d7a8aef9fa047c08a32bc18c7b04 | Triage

Sharing

General

Target

0fc59838280a5d1ee9fa531ed578473b4039d7a8aef9fa047c08a32bc18c7b04.msi
Size

35.0MB
Sample

240514-rqrb6sba29
MD5

2bc508fd91bf49c2f29575bb0d017289
SHA1

801c42782cf13dfdac63a4e6ed09f3f4c190b3db
SHA256

0fc59838280a5d1ee9fa531ed578473b4039d7a8aef9fa047c08a32bc18c7b04
SHA512

ea57d0e78d1afb4776fffd777c8cb1131308c5d279613fe188e6e8f0ad1f617987b697cac0e23be291b35df9939ff0eb43db34dc56f0022a2a05f5ba9bda6d59
SSDEEP

786432:blU27h2QVu9cCct5rB9rIX9gW6cnzELhEe2x53gpknKM:blvA+ptO2Cnne2xUe

Score

8^/10

execution

Malware Config

Targets

- Target
  
  0fc59838280a5d1ee9fa531ed578473b4039d7a8aef9fa047c08a32bc18c7b04.msi
- Size
  
  35.0MB
- MD5
  
  2bc508fd91bf49c2f29575bb0d017289
- SHA1
  
  801c42782cf13dfdac63a4e6ed09f3f4c190b3db
- SHA256
  
  0fc59838280a5d1ee9fa531ed578473b4039d7a8aef9fa047c08a32bc18c7b04
- SHA512
  
  ea57d0e78d1afb4776fffd777c8cb1131308c5d279613fe188e6e8f0ad1f617987b697cac0e23be291b35df9939ff0eb43db34dc56f0022a2a05f5ba9bda6d59
- SSDEEP
  
  786432:blU27h2QVu9cCct5rB9rIX9gW6cnzELhEe2x53gpknKM:blvA+ptO2Cnne2xUe
Score

8^/10

execution
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2