d0255821ef750107ce24f7abbd5d1936f0e736c33e5f1eb46146a4e0faec9e08 | Triage

Submit
Reports

Overview

overview

6

Static

static

1

gitbutler_...us.msi

windows11-21h2-x64

6

Resubmissions

19-08-2024 14:10

240819-rg6eqsycmg 6

19-08-2024 14:06

240819-res2maybld 8

Sharing

General

Target

gitbutler_0.12.19_x64_en-us.msi
Size

11.6MB
Sample

240819-rg6eqsycmg
MD5

9cf1d505bbbecd2bc0631367e708439e
SHA1

d7145e6daf7deb6dbbd3944e34aa2dd62d1d0c28
SHA256

d0255821ef750107ce24f7abbd5d1936f0e736c33e5f1eb46146a4e0faec9e08
SHA512

556f04ffbd9d23a8a74dcc8f1f172edc07bb69c512367ee2dce2285e9fd00c19b7ae64c77fdd06a2abcf203ef92f267c676e43d0ac4ae0581a9a4a89dda201a2
SSDEEP

196608:2kYb7B22FTA/3qfyUEzsX4xvFjr6X0ytPcYkD++HpAD76BaM5lSRB:mF22Fk/3qfyUL0ytPc1D++iD7QaM5Af

Score

6^/10

discovery persistence privilege_escalation

Static task

static1

Behavioral task

behavioral1

Sample

gitbutler_0.12.19_x64_en-us.msi

Resource

win11-20240802-en

discovery persistence privilege_escalation

windows11-21h2-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  gitbutler_0.12.19_x64_en-us.msi
- Size
  
  11.6MB
- MD5
  
  9cf1d505bbbecd2bc0631367e708439e
- SHA1
  
  d7145e6daf7deb6dbbd3944e34aa2dd62d1d0c28
- SHA256
  
  d0255821ef750107ce24f7abbd5d1936f0e736c33e5f1eb46146a4e0faec9e08
- SHA512
  
  556f04ffbd9d23a8a74dcc8f1f172edc07bb69c512367ee2dce2285e9fd00c19b7ae64c77fdd06a2abcf203ef92f267c676e43d0ac4ae0581a9a4a89dda201a2
- SSDEEP
  
  196608:2kYb7B22FTA/3qfyUEzsX4xvFjr6X0ytPcYkD++HpAD76BaM5lSRB:mF22Fk/3qfyUL0ytPc1D++iD7QaM5Af
Score

6^/10

discovery persistence privilege_escalation
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Installer Packages

Privilege Escalation

Event Triggered Execution

Installer Packages

Defense Evasion

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Network Share Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

© 2018-2024

Terms | Privacy