General

  • Target

    375dbccaa8451b917097b50444b2ddeb9e43402172b6908e1182795dbae75904.msi

  • Size

    5.4MB

  • Sample

    240618-tkzsgavdnp

  • MD5

    686445b33c0e51c233049e584fc3e264

  • SHA1

    04f6445c480317fdb5317e9214d5c22f4bd3e314

  • SHA256

    375dbccaa8451b917097b50444b2ddeb9e43402172b6908e1182795dbae75904

  • SHA512

    c138d1a40d9187b39d37a866841376108b9eee85df5d190b1c44dcfb68acb4a34cba480554499783e0cc4914128c665020a71a1b9d8bf1997b7e2aeac432d332

  • SSDEEP

    98304:1+X/n/8/ZaN1AH4jiM7xZKCKf6pAdVuLO59PH0wAkUnSfKSn8/t:y/iarAYeM7Yf6pAjGO5l0wAkUs8/t

Malware Config

Targets

    • Target

      375dbccaa8451b917097b50444b2ddeb9e43402172b6908e1182795dbae75904.msi


    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

The number in parentheses is the count of matched behaviours per technique.

Execution

  • Command and Scripting Interpreter, T1059 (1)

    • PowerShell, T1059.001 (1)

Persistence

  • Event Triggered Execution, T1546 (1)

    • Installer Packages, T1546.016 (1)

Privilege Escalation

  • Event Triggered Execution, T1546 (1)

    • Installer Packages, T1546.016 (1)

Discovery

  • Query Registry, T1012 (2)

  • Peripheral Device Discovery, T1120 (2)

  • System Information Discovery, T1082 (2)

Tasks