e3a93b71ad8c5a796d82db7dfab5ad958aced8393e3d43055f8893a4f258bee6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SafeSendArchive-5.4.zip
Size

58.6MB
Sample

240711-ssledascpr
MD5

8886e142be4b779bbd2499924739bf69
SHA1

98d713ee68a270540f53272883b0dcb7f024ea46
SHA256

e3a93b71ad8c5a796d82db7dfab5ad958aced8393e3d43055f8893a4f258bee6
SHA512

01ef5688cba9c05958a5c86ef78a8844413d58c39fb7c9f2020f629920de4f735c7f29b10cd5d86cdf99b91e09199ef7f04c491db2813f39eb430afbac8eb11f
SSDEEP

1572864:e0NRpyVSm6G5F8GX5UevmmHzw7vDnc7PknKc67BfT:FpyGqu8Ueevnc7sKcKBfT

Score

6^/10

link pdf persistence privilege_escalation

Malware Config

Targets

- Target
  
  SafeSendSetup.msi
- Size
  
  35.5MB
- MD5
  
  296db12a343ac895998ca1a4621f7496
- SHA1
  
  95a98845cc88ef5686d4b4ed2f1a77c23c026260
- SHA256
  
  62f10bf535e71b6ee6f2162841d2544aace0ea9cd5c81d6081d28c1fba80d874
- SHA512
  
  bc889ace3ac24eba0e3b26cb5b5786517dd6a17f144ae7e6e82e7bb4f3a01778fbafda7f47ebb5a6dd81fbd8a9e61addde9c576ef17b0e3095f447bae20b18b0
- SSDEEP
  
  786432:LLwCECA6DRbg8+ppSsE6JUty0jZEJmjLOpGWBn55:LZEpuR0p4FH1Z9
Score

6^/10

persistence privilege_escalation
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Installer Packages

Privilege Escalation

Event Triggered Execution

Installer Packages

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistenceprivilege_escalation