General

  • Target

    28ba22db7080458f6aaf81df13d346b2e0112e6e5d43d6cddd3b7db81a42ed42.msi

  • Size

    5.0MB

  • Sample

    240618-tarzwavajq

  • MD5

    482afbd2fc1ca0fd07b2e35cd28ec2e3

  • SHA1

    0847567b931263d1ec10a4b074923c73a1e11333

  • SHA256

    28ba22db7080458f6aaf81df13d346b2e0112e6e5d43d6cddd3b7db81a42ed42

  • SHA512

    a5c9fd29fbb1ba6600a6609a9cde749c7a771127750d6ff6cfaf0568aabc9ad42a92f64a8d179839cce22f9ec784b78cba122ecf58473e1f433f4608fba1cc89

  • SSDEEP

    49152:ukQc/f9r84jEHYDgA5+7vvycFTznm9500zjjZT9eFOsmBBU7FFUG0yzAaeTG8qdx:8VHYDgFjyclbrPcGJqEa2z4SpYzM7

Malware Config

Targets

    • Target

      28ba22db7080458f6aaf81df13d346b2e0112e6e5d43d6cddd3b7db81a42ed42.msi

    • Size

      5.0MB

    • MD5

      482afbd2fc1ca0fd07b2e35cd28ec2e3

    • SHA1

      0847567b931263d1ec10a4b074923c73a1e11333

    • SHA256

      28ba22db7080458f6aaf81df13d346b2e0112e6e5d43d6cddd3b7db81a42ed42

    • SHA512

      a5c9fd29fbb1ba6600a6609a9cde749c7a771127750d6ff6cfaf0568aabc9ad42a92f64a8d179839cce22f9ec784b78cba122ecf58473e1f433f4608fba1cc89

    • SSDEEP

      49152:ukQc/f9r84jEHYDgA5+7vvycFTznm9500zjjZT9eFOsmBBU7FFUG0yzAaeTG8qdx:8VHYDgFjyclbrPcGJqEa2z4SpYzM7

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    T1546 Event Triggered Execution (1)

    T1546.016 Installer Packages (1)

  • Privilege Escalation

    T1546 Event Triggered Execution (1)

    T1546.016 Installer Packages (1)

  • Discovery

    T1012 Query Registry (1)

    T1120 Peripheral Device Discovery (1)

    T1082 System Information Discovery (1)

Tasks