General

  • Target

    setup.zip

  • Size

    1.8MB

  • Sample

    240629-wwy2eswckk

  • MD5

    3130428a5e8ec7046b79b5c3f23db5a1

  • SHA1

    fc6f04dd7d122e829da3e9986bd6855daf8d2d62

  • SHA256

    4e9d20fe0cb8292b6b2f4fd20ad98a77294542b43e1742a022ced1d2f9809505

  • SHA512

    7500a04240d6f5169c9db6771823b621c6869b2f0b093eed3dc9cead1e8ca34a29881966cba175befca15a811bbd2dc40833835125e7d346ab9dc20c912b1e7c

  • SSDEEP

    24576:ras0pYhNFoF7ydQbcQ+Ljcv+az1Jv9kPrEXgxMfMIGyIwh6v0hvgPd9fltA:2ZKrFo5ydQbJ+ncFz/v9kjEXjffEcqt+

Targets

    • Target

      setup.zip

    • Score

      1/10

    • Target

      __MACOSX/._setup.msi

    • Size

      176B

    • MD5

      bcc9aea5548d27e3067b68b4b468f8c1

    • SHA1

      44de4efd906b40f9cf54074c7563ef5cb2efb1d3

    • SHA256

      cde7eb104c47a8dc05f6f88b716cf5e93da897df6908cf6b1d1f64aff325f35d

    • SHA512

      8b9667440d2be116ce3f4e0bac2e0e4b69375786cc59f1b83fc5a164494e163cc9c32f86e1a4a0b70e8e9ab149150cc0215a9f00a152962b99fa26aff1e315e6

    • Target

      setup.msi

    • Size

      4.2MB

    • MD5

      83e54ade774631fd876d42db1aa9e2b5

    • SHA1

      5d8628c67924bdb47cb4cb6553c548963248b82e

    • SHA256

      172a2c8422fb92c9a1006e845d5c4712dd22e10a0ed0cc9480cf56aecd20ebf5

    • SHA512

      c1b1498a354a70c3ad7df38039242b8effd93b914e11d618083214fad851b8f76dc84662959ca03f17d5413d6d5d68f0db4e53a3121673bd5c1d3020a81ba03e

    • SSDEEP

      49152:Qr/6PGYzLFoc25e6+f/87lPjgzixI+vGYRnAWNRWw5EQbhpP9gY0dB0lAwvI/oQt:DPG6L40iuWfCsFaUDxQI4

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
