General

  • Target: 3dfe3b93776cdc751f87055375b6a383695b0e35023ee83ea429682748dadbbf.msi

  • Size: 5.1MB

  • Sample: 240618-t4ampawaql

  • MD5: cd6e738c0c1ee3a30a731611c74dd3cd

  • SHA1: 9f34fe8be4f5e9b438b84b2636c8a44a22ca0e20

  • SHA256: 3dfe3b93776cdc751f87055375b6a383695b0e35023ee83ea429682748dadbbf

  • SHA512: 209ff2a30fd595ce797e5f9f5be3a555acf959da616543af43f832594159f2668d21f39a0bc9678a45833b80e95a521bfe3222367f970c69da82cf963020ef20

  • SSDEEP: 98304:JJN10iWGovYyFCuKGcl+HoYTPeWjgG8CVsPc7HaXibBtfmcmntc6Fvr5:JV0NdjUuKrCoXWjt8GD7HB9mcmeKt

Malware Config

Targets

    • Target: 3dfe3b93776cdc751f87055375b6a383695b0e35023ee83ea429682748dadbbf.msi (hashes as listed under General)

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    Event Triggered Execution (T1546): 1
    Installer Packages (T1546.016): 1

  • Privilege Escalation

    Event Triggered Execution (T1546): 1
    Installer Packages (T1546.016): 1

  • Discovery

    Query Registry (T1012): 1
    Peripheral Device Discovery (T1120): 1
    System Information Discovery (T1082): 1

Tasks