General

  • Target

    PulseUpgradeHelperInstaller.msi

  • Size

    9.0MB

  • Sample

    240527-wlxevade68

  • MD5

    f1068a59fe501714980c0b62da37fabf

  • SHA1

    7aa842c2844e903322ed9a841b0ded290b1cb767

  • SHA256

    2425f1e1185ec5deaf95b83888d09a8f2f399eff455ca8722c66519de6362c62

  • SHA512

    37b840ce9ca305572a2451e5caf2e39d57e72517c629fa5bbffc84dd0a316778600344c84c0242b3e45d975793e461d1b06102f936874971313e21ec935473d2

  • SSDEEP

    196608:LLzcV7w5yONv0Ztvch9OZmSlNoP8FbSFNk5HaeWIDQ5nGB0m+JKj:TZ5yEotvchgrFb4Nk1mLwcKj

Targets

    • Target

      PulseUpgradeHelperInstaller.msi

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
