b089485a125e744a166fc05cef1ec2ed5eeaa51b12f3b8e8d0adc73e7579cc5a | Triage

Sharing

General

Target

b089485a125e744a166fc05cef1ec2ed5eeaa51b12f3b8e8d0adc73e7579cc5a.msi
Size

35.0MB
Sample

240515-b5rngsbf54
MD5

f21f1b608d45926927f6178511bdd579
SHA1

a1a251359d7cea7dfeb52d1314bc460144533eca
SHA256

b089485a125e744a166fc05cef1ec2ed5eeaa51b12f3b8e8d0adc73e7579cc5a
SHA512

66521db47efc6a6f82693330af0e612886e7f0f13c7737da6459c0abb937ad1cbcd1376dc9fbddd6d78af551bc38913871e2e21e48e8d5ed630377b523e8f276
SSDEEP

786432:tlC27h2QVu9cCct5rB9rIX9gW6cnzELhEe2x53gpY:tldA+ptO2Cnne2xUY

Score

8^/10

execution

Malware Config

Targets

- Target
  
  b089485a125e744a166fc05cef1ec2ed5eeaa51b12f3b8e8d0adc73e7579cc5a.msi
- Size
  
  35.0MB
- MD5
  
  f21f1b608d45926927f6178511bdd579
- SHA1
  
  a1a251359d7cea7dfeb52d1314bc460144533eca
- SHA256
  
  b089485a125e744a166fc05cef1ec2ed5eeaa51b12f3b8e8d0adc73e7579cc5a
- SHA512
  
  66521db47efc6a6f82693330af0e612886e7f0f13c7737da6459c0abb937ad1cbcd1376dc9fbddd6d78af551bc38913871e2e21e48e8d5ed630377b523e8f276
- SSDEEP
  
  786432:tlC27h2QVu9cCct5rB9rIX9gW6cnzELhEe2x53gpY:tldA+ptO2Cnne2xUY
Score

8^/10

execution
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2